Way back in 2015, the US Office of Personnel Management (OPM) was electronically burgled, with hackers making off with 21.5 million records. That data included social security numbers, fingerprints, usernames, passwords and data from interviews conducted for background checks. Now, a woman from Maryland has admitted to using data from that breach to secure fraudulent loans through a credit union.
The US DoJ says that Karvia Cross "participated in and recruited others to engage in a fraudulent identity-theft scheme targeting" the Langley Federal Credit Union (LFCU). In 2015 - 2016, LFCU was inundated with loan applications that used the personal details of the individuals from the OPM database. The loans were approved, and paid out the money to the respective perpetrators of the fraud.
Conspiracy to commit bank fraud and aggravated identity theft are the two crimes that Cross has copped to, and faces a jail term of between two and 30 years. Another member of the group, Marlon McKnight, pleaded guilty to the same charges on June 11th and, like Cross, sentencing has still to be determined.
Reuters asked the obvious question: how did the pair get hold of this raft of stolen data, but the DoJ has yet to comment. If they committed the hack that grabbed all of this information, then they must also have the rest stored somewhere. If, however, they purchased it on the black market, then perhaps they can point us to those who did commit the act in the first place.