NEWPORT NEWS, Va.–What becomes of the information stolen in data breaches? It can come back to haunt years later, as one credit union here has learned.
Four years after hackers stole the personal information of 22 million people through the Office of Personnel Management, two defendants have admitted in federal court here they used some of that information to take out fraudulent loans through Langley Federal Credit Union.
Kariva Cross, 39, and Marlon McKnight, 40, have pleaded guilty to conspiracy to commit bank fraud and aggravated identity theft, according to the Washington Post.
What isn’t known is how Cross and McKnight obtained the OPM information. According to the Post, government officials traced the hack to China, and a Chinese national was accused in California in 2017 of using the same type of malware. Cross and McKnight were not accused of any hacking-related crimes.
A spokesperson for the Eastern District of Virginia declined to elaborate on how the two defendants got access to OPM data, the Washington Post reported.
Under the scheme, the defendants took out car and personal loans at Langley Federal Credit Union in the names of the victims, many of whom were based in Colorado and exposed through the OPM hack, according to prosecutors.
How the Scam Worked
Then defendants would pose as the car owners and cash loan checks or get wire transfers from the accounts they set up, prosecutors said. The scam began to unravel when one victimized member received a past-due balance notice on a vehicle loan and contacted the credit union, according to court documents.
Earlier this year, a third person, Erica Latin-Hunter, admitted to allowing her name be used as the supposed owner of a Nissan SUV sold to the member. She then cashed checks against a loan made in the member’s name.
Chris Wysopal, chief technology officer at the cybersecurity firm CA Veracode, told the Washington Post the information may have surfaced on the dark web, where criminals could have purchased it for as little as $20 to $30. He further told the Post there must have been a “telltale sign” that enabled investigators to confirm that it came from the OPM breach and not another data compromise.