Monday, April 16, 2007

Social Security employee causing $2.5 million in credit card fraud reveals how easily information is stolen from within

Recently, I blogged about a former IRS employee, who committed $330,000 of retail refund fraud (basically shoplifting) in nine states. This morning, I read about a former Social Security Administration employee, who caused an alleged $2.5 million in credit card fraud by providing detailed information on victims to an external identity thief.

Sharon Gaudin at Information Week writes:

The indictment alleges that Batiste conspired with her cohort Craig Harris and others by agreeing to access the Social Security Administration's computer system to run search queries for Harris.

Harris, a 50-year-old Los Angeles resident, pleaded guilty in September to conspiracy and unlawful possession of a means of identification. Harris, who faces a maximum sentence of 10 years in prison, is scheduled to be sentenced on July 17.

The government contends that Harris would give Batiste some identifying piece of information about someone -- either a name or Social Security number -- and Batiste would then query the government system to pull up enough other identifying information to put the person's identity at risk.

Information Week article, here.

According to the article, the arrest was the result of the work of the Economic Crimes Task Force, which includes both federal and local assets in Southern California.

Last October, I wrote about a task force in Southern California responsible for catching a lot of insider related (employee) identity theft. My post is still up, but the link to the LA Times article is now down and nothing else can be found about it on Google.

I suppose insider problems aren't as newsworthy as large scale data-breaches, involving highly skilled hackers. The reason for this might be that they are embarrassing to the organization involved, and they don't help sell expensive (computer related) security fixes.

In fact, a trusted insider, can normally get past all the above referenced security fixes, simply because they have access.

And if you think about it, retail, restaurant and clerical employees have access to a lot of information. It's a lot easier to bribe, or even place a person inside an organization to steal information than hack it from the outside.

Trust me, it's going on in the business (and it appears) civil service worlds, daily.

Perhaps, all the experts, should take a closer look at this problem and how to control it.

Here's a previous post, I wrote on this subject, where the Secret Service is doing this:

Secret Service is Studying the Problem from Within

LA County has a hot line to report government employees committing fraud. The information to contact it can be found, here.

The FBI has also set up a place, where anyone can report public corruption, here.

A lot of large companies have a dedicated hot line to report internal problems, or you can ask to speak to someone in their security department. Smaller businesses normally don't have these resources, but most owners would be highly interested if someone working for them was stealing.

It's not good for business!

In some instances (not all), there are financial incentives for reporting insider dishonesty.

If you are worried about safety issues, I always recommending doing this, anonymously.

No comments: