Advertisement

Lawmakers demand answers in wake of strange OPM identity fraud lawsuit

Virginia lawmakers are especially interested in learning how the defendants acquired the data.
OPM identity fraud
(Wikicommons)

With mystery swirling around an identity theft case where prosecutors have claimed the perpetrators used personal information included in the Office of Personnel Management breach, two lawmakers are pushing the government for more information.

A pair of letters sent this week by Sen. Mark Warner, D-Va., and Rep. Gerry Connolly, D-Va., to the heads of the Department of Justice and OPM issues a number of questions about the alleged identity fraud charges. The Virginia lawmakers are especially interested in learning how the defendants acquired the data.

On June 18, the Eastern District of Virginia announced that a Maryland woman had pleaded guilty to identity theft charges. That press release initially said the data used in that crime was from the OPM breach. On June 21, the district issued a correction to their press release, stripping any mention of the breach.

A comparison of the press releases issued by the U.S. Eastern District of Virginia. On the left, the press release from June 18. On the right, the amended version from June 21.

Advertisement

Virginia is home to the single largest population of federal workers and government contractors. Data stolen from OPM carried highly sensitive personal identifiable information, including social security numbers and medical records. Fears that the stolen data could be used by criminals has been looming for years.

The widely assumed notion is that OPM breach was carried out by a Chinese government-linked hacking group that was looking for counterintelligence material. While never publicly attributed to any group, the breach was not believed to be carried out by financially motivated actors.

The latest revelation challenges that narrative and simultaneously helps various civil lawsuits still pending against the government for the breach.

It remains possible that the defendant in this case used stolen data that also existed in OPM’s database, but was taken entirely different source, such as a breached financial institution.

Since the DOJ announcement, current and former government officials affected by the breach have questioned if they, too, are now at risk of having their identities stolen.

Advertisement

Multiple attempts to contact the defendant’s lawyer went unanswered.

Connolly told CyberScoop Wednesday that if the alleged fraudsters really did use data stolen by hackers during the 2015 OPM breach, it would be “hard to believe” that there weren’t more victims of fraud using that data.

But regardless of what emerges in the fraud case, Connolly said that there was a continued and urgent need to protect the OPM breach victims.

“I am very alarmed,” he said. “What additional measures are we taking to protect against that [fraud]?”

You can read the letters from Connolly and Warner below.

Advertisement

Sean Lyngaas contributed to this report.

[documentcloud url=”http://www.documentcloud.org/documents/4560208-Letter-to-DOJ-and-OPM.html” responsive=true]

[documentcloud url=”http://www.documentcloud.org/documents/4562291-2018-06-26-Gec-Letter-to-Doj-Opm-Data-Breach-Case.html” responsive=true]

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts