Wow. Rachel Weiner reports that data in the Office of Personnel Management (OPM) hack may have shown up as part of a fraud scheme:
Four years after hackers stole personal information from over 22 million people through the Office of Personnel Management, a fraud scheme exploiting that data has come to light in southeast Virginia.
Two people have admitted in Newport News federal court that they used the stolen identities to take out fake loans through a federal credit union. The case appears to be the first involving OPM data to be publicly revealed by the Justice Department.
Read more on The Washington Post.
Update: So that headline may have been a bit optimistic. Looking through the court filings in Cross’s case, I don’t see any hard evidence that the data used in this fraud scheme came from the OPM hack. So far, the closest I’ve found is one sentence in the “Statement of Facts” used as part of the plea deal that says:
6. Investigators determined that many of the identity theft victims had been victims of the United States Office of Personnel Management data breach and resided in Colorado.
Not exactly super-compelling, is it? So maybe we do have some evidence of misuse of the data. Or maybe we don’t.