Oct 232018

Joshua Yeager reports:

A U.S. Navy man will spend three years and six months in prison for his involvement in an identity theft ring that stole more than 2,500 credit card numbers and fraudulently purchased $340,000 in consumer products in 2012.

Jarrod Langford, 27, pleaded guilty to conspiracy to commit credit card fraud and aggravated identity theft while he was an active Navy member at Lemoore Naval Air Base, according to U.S. Attorney McGregor Scott.

Read more on Visalia Times Delta.

Sep 282018

Bill Miston reports on quick work by law enforcement:

Two men arrested in Oklahoma City this week are suspected of hacking and stealing millions of dollars from a California-based cryptocurrency company.

Fletcher Robert Childers, 23, and Joseph Harris, 21, both of Missouri, were arrested by Oklahoma City Police at a west side hotel Monday. According to court documents, the two are suspects in a $14 million theft from Crowd Machine, headquartered in San Jose.

According to a search warrant filed in Oklahoma County, Crowd Machine reported the hack and theft to a California computer crimes task force on September 22. It’s believed, according to court documents, that the hack was accomplished through a SIM swap, which allows hackers to steal a person’s mobile phone number and identity.

Read more on KFOR.

Sep 202018

From the Office of Attorney General Maura Healey, an announcement of a settlement in the wake of insider breaches: 

BOSTONUMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. will pay a total of $230,000 to resolve claims that two separate data breaches exposed the personal and health information of more than 15,000 Massachusetts residents, Attorney General Maura Healey announced today.According to the AG’s complaint, filed last week along with a consent judgment in Suffolk Superior Court, two former employees of UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. in separate breaches improperly accessed patients’ personal and protected health information for fraudulent purposes, such as opening cell phone accounts and credit card accounts. The AG’s Office alleges the UMass entities violated the Consumer Protection Act, the Massachusetts Data Security Law, and the Health Insurance Portability and Accountability Act when they failed to properly protect patients’ information.

“Massachusetts residents rely on their health care providers to keep private health information safe and secure,” said AG Healey. “This resolution ensures UMass Memorial implements important measures to prevent this type of breach from happening again.”

Investigations by the AG’s Office revealed that the breaches exposed patient information including names, addresses, social security numbers, clinical information and health insurance information.

The AG’s lawsuit alleges that UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. knew of these employees’ misconduct but failed to properly investigate complaints related to these breaches, discipline the employees involved in a timely manner, or take other steps to safeguard the information.

As part of the settlement, the UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. have agreed to conduct employee background checks and ensure proper employee discipline; train employees on the proper handling of patient information; limit employee access to patient information; identify and remediate potential data security issues; and promptly investigate suspected improper access to patient information.

The UMass Memorial entities will also be required to hire an independent third-party firm to conduct a review of its data security policies and procedures, which the health care entities will report to the AG’s Office.

This matter was handled by Assistant Attorney General Michael Wong and Legal Analyst Elizabeth Carnes Flynn, with assistance from Division Chief Eric Gold, all of AG Healey’s Health Care Division.

Sep 192018

Ada Hui reports:

On Thursday, September 6, the Fresno Division of the U.S. District Court for the Eastern District of California concluded a 14-month-long civil forfeiture case to seize assets and property that belonged to Alexandre Cazes, the Canadian national who committed suicide by hanging in Thai prison last summer – days after being arrested on suspicion of operating the darknet marketplace AlphaBay.

Cazes, whose death prevented him from standing trial, is alleged to have facilitated and profited from sales of illegal goods and services to U.S. and overseas customers on AlphaBay until it was shut down by law enforcement in a dramatic confrontation outside of his primary residence, where he was led off in handcuffs on conspiracy charges related to identity theft, fraud, racketeering, trafficking and money laundering on July 7, 2017.

Read more on Coindesk.

Sep 122018

Molly Sullivan reports:

Thirty-two suspected gang members were charged on suspicion of committing a “high-tech crime,” which involved hacking into credit card terminals in dental and medical offices, and stealing patient identities, the California Department of Justice announced Monday.

Attorney General Xavier Becerra said at a news conference in Sacramento the gangs, known as the BullyBoys and CoCo Boys, teamed up to steal at least 40 credit card terminals, which he called the “modern cash register.” The terminals — which are used to process credit and debit card payments — were burglarized and hacked to process $1 million in fraudulent returns.

“This is big money,” Becerra said.

Read more on SacBee.