Biggest Identity Thief Ever Gets Put Away

Anonymous Brave Guy writes "Apparently computer helpdesk employee Philip Cummings had more than just a day job: he's just gone down for 14 years in the biggest identity theft case ever. Lots of fascinating nuggets of information in that story: apparently fake ID goes for as little as $60, and the total stolen over just a couple of years was somewhere in the $50m-100m range."

Just write it off I guess

[Lindsay+Lohan]

Philip Cummings, 35... a computer helpdesk employee...
Losses have been estimated to be between $50m (£38m) and $100m (£76m).
Cummings, who is still free on bail, must report to prison on 9 March. He is also due to pay compensation to be agreed at a later date.

Something tells me the 30,000 people he scammed aren't going to see a dime. Since Phil is not allowed to compensate with stolen funds, and he is unlikely to be returning to his lucrative helpdesk job anytime soon, I doubt he'll be able to fork over even $1 per victim.

Re:Just write it off I guess

[m3j00]

Something tells me the 30,000 people he scammed aren't going to see a dime. Since Phil is not allowed to compensate with stolen funds, and he is unlikely to be returning to his lucrative helpdesk job anytime soon, I doubt he'll be able to fork over even $1 per victim.

The actual "victim" in these cases is almost always the creditor, not the person whose identity was stolen. It costs the person a bunch of time and energy to correct the problems, but the stolen money comes from the creditors, and they have a budget for fraud.

Re:Just write it off I guess

[nizo]

But how much are all of his body parts worth at auction? Kidneys, corneas, heart, etc. Seems fair to me. Sadly still not enough I am sure.

Re:Just write it off I guess

[nonicenamesleft]

But how much are all of his body parts worth at auction? Kidneys, corneas, heart, etc. Seems fair to me. Sadly still not enough I am sure.

Writing this and being modded insightful +3...and they call the moslems barbaric.

Re:Just write it off I guess

[Ayaress]

It is a valid point, but the people themselves will get their money back (possibly less some fees depending on their bank). I'll use the example of my parents.

A few years back, my mom lost her credit card, and the wrong person found it. They rang it up to the limit buying all sorts of stuff. They bought a couch, a few DVD's, paid their bills, and even set their car loan to automatically bill the card. My mom rarely uses it for anything, so the sudden spending spree must have set off alarm bells, and they called her within a couple days, even before she'd realized she lost it.

It took my parents almost three months to get the mess all settled. The guy who found the credit card was on the verge of bankruptcy. It went to court, and his creditors testified that he was days away from getting his car reposessed, and that the couch he bought was probably to replace a living room set that he'd bought on credit and then failed to pay for.

There was no way he could afford to pay back what he'd stolen, but my parents got all their money back (Even the $50 limit they had to pay initially) through the credit card company, who have systems in place to protect themselves against things like this.

Re:Just write it off I guess

[mindstrm]

Yup, and that's how it is supposed to work. The onus is on the merchant to ensure that the person using the credit card is, in fat, authorized to use it.

The credit card is a token, a symbol to show that a given issuer is extending you credit, and will pay the merchant on demand. It is not the credit itself.

Far too many merchants do not check signatures and/or ask for identification.. and that's fine, because it's their gamble, not mine.

You can generally contest any payment made on your credit card, and the merchant will have to demonstrate that you authorized the transaction, or he's out of luck. Barring a signature, or stuff shipped to your address, or perhaps video evidence, there isn't much they can do.

Sorry

[savagedome]

I absolutely did not see this Cumming.

That should be good

[albn]

People like this should be put away for a long time for ruining one's credit rating and making their lives a living hell. Restitution will be good too, but how much can you make in the can? not much.

Good riddance.

Re:That should be good

[Thunderstruck]

While I agree, having been a victim of identity theft (only once that I know of) Perhaps part of the problem is credit ratings themselves.

There are other ways for a lender or landlord to learn whether a person is a risk. Most people have a reputation in their community that one need only ask to learn. Most credible people can provide credible references. The current addiction to putting everyone's number in a New Jersey database does more harm than good, especially when folks like Cummings come along.

Re:That should be good

[sjames]

I'll bet that if the credit agencies were held legally responsable for the hearsay they recklessly spout about people they would do a much better job verifying the accuracy of their information. If you or I published a report based on hearsay that did significant damage to someone's reputation, we would end up in court. If we couldn't show darned good reasons why we believed the information we published, we would end up being ordered to pay restitution.

Financial institutions aren't much better. Identity theft wouldn't be a problem if they would either stop issuing credit based on easily obtained 'proof' of identity without even a phone conversation (and apparently wondering why you want your bills sent to another state), or at least admit that they really don't have any idea who they sent a credit card to.

Honestly, an adverse report from a credit card isn't all that credible these days. While it's unlikely that the report is malicious or fraudulant, it's really quite likely to be in error.

Curious...

[MarkRose]

What I want to know is, when they caught the guy, did they have a positive ID?

Why?

[grahamsz]

Why does a help desk operator have access to my credit report?

Surely you can design a system where very few humans ever have contact with all of a persons information.

I've dealt with on UK bank where when you wanted to perform certain transactions using telephone banking you were passed to a second tier operator and instructed not to give them your name.

Presumably the system was set up such that no one person had enough confidential information on a single customer.

The US really needs far stricter controls on SSNs - it's insane how often i need my ssn for day to day transactions.

Re:Why?

[DoctorMO]

The UK has Data Protection laws now which mean that if employees have access to personal information they have to have a damn good reason, and if they don't the company is liable.

Re:Why?

[me+at+werk]

Social Security numbers were originally just a Tax ID, people wouldn't get them until age 16 or so (this was changed, according to wikipedia, in the 1980s when SSN's were required to list "dependants). It's sad, it was (as i'm told, I did not experience this) stated that it would "never be used as a national id" or something to that effect, and it has.

At least it's not to the same extent (i think) that it is in the UK. But that's not to say it won't be.

Re:Why?

[insert+3+letters]

You're worried about a help desk worker? That grumpy guy behind the counter at the video store (going off of Hollywood video) has your address, phone, birthdate, names of family members (and b-dates), and SSN (and a simple print screen will print all that data off). This is at the lowest level. Higher up, you get credit card numbers cause we store those. Oh and you *can't* really delete an account, when we "delete" an account, we simply set it to do not rent to. All the data's there. And I'm not quite sure about this, but I think all the customer data for a store (many tens of thousands?) is kept on a local server, probably with minimal ecyption (judging by the age of the system and a couple other factors). Not to mention that that vindictive sales man could just check out a movie on your account and lose it. I'm so glad I quit that job and am getting a "real" job. I think I'll stick with cash for movie transactions though.

Re:Why?

[Papparazzi]

>> "never be used as a national id" or something to that effect, and it has.
It is now used as a drivers licence # in many states, if you don't specificly request that the Dept. of Revenue not use it. This means that evey time you buy a bottle of wine, or cash a check, the cashier can ask to see it, or else you don't get what you are buying.

Oh good call, your Honor.

[mikeophile]

Cummings, who is still free on bail, must report to prison on 9 March.

It's not like the guy could change his identity or anything.

It would be better for consumers if

[museumpeace]

this s**tbag's employer, Teledata Communications, was heavily fined...they must have had hundreds of complaints over the course of the thievery and never turned enough scrutiny on their own orgnaization to see the problem until way too late. I will be looking at which credit card issuers, banks, etc use Teledata Communications services and seeing if I can avoid doing business there.

but who says their competition is any safer?

Re:It would be better for consumers if

[loraksus]

It is shocking, simply shocking that someone who gets paid $10 an hour steals customer information if he has the chance because the company's security policies were virtually useless.

It never ceases to amaze me...

[bennomatic]

...that these folks just don't learn. People who do this get caught because they keep going and going and going. Once you have a few million, you don't need to scam anyone any more! Just invest and retire! You will eventually mess up, and you WILL get caught!!

Of course, this sort of idiotic greed is what got them to start doing these bad things in the first place. I can't imagine trying to steal identities no matter how much the profit, myself.

Re:It never ceases to amaze me...

[gl4ss]

i'm sure someone retired with that money.

just not this little drone in the circles...

Re:It never ceases to amaze me...

[Da+Fokka]

You never hear of the ones that do learn and do stop in time.

NOT the biggest ID thief ever...

[Anita+Coney]

... but the biggest ID theif ever caught.

Why is it?

[modemboy]

Seems like all the huge criminal acts these days are inside jobs. Companies from grocery stores to office buildings are spying on their employees for this exact reason.

Fake ID

[MrRuslan]

Here in NYC anyone can obtain a fake ID for under $50 bucks and it looks legit enogh to pass...And it's legal too because it has a disclamer in he back. I used to use one to get into clubs but i also used it (with my real info on it) to goto the bank because i always loose my wallet and i just get one for $30 bucks and i never had a problem with it...People who deal with money should be educated on whats real and whats not.

Re:Fake ID

[coyote-san]

I doubt a disclaimer on the back would get you off the hook if the front "looked legit enough to pass." If you used it as a fake id, it's a fake id and you could find yourself in a shitload of trouble.

Consider four data points. First, would it be legal if you deposited a check with some nice hefty figure on the front, but a "not a valid check do not accept" notice on the back? Or do you think you'll get a hefty fine from your bank (at best)? People have tried this, it's not a theoretical question.

Second, remember the story a while back about somebody passing an obviously fake $200 bill? It didn't matter that the bill had a picture of Daffy Duck (or whatever), they passed it as US currency and the feds hit them with federal counterfeiting charges.

Third, every so often some teens get the bright idea of driving around and shooting people with bb or paint guns. Just a joke, right? Nope - they find themselves facing felony "assault with a deadly weapon" charges because their victims thought they were being shot by a real gun.

The extreme form of this are idiots who do holdups with fake guns. Ha ha ha - they still get a mandatory 5 or 10 year extension for possessing a firearm during the commission of a felony. I've even heard of a case where somebody got that extension for the "finger in your coat pocket" trick.

Finally there's the guys who sell flour to undercover narcs. It's legal to sell flour, right? Wrong - if they claim they're selling you cocaine then it's attempt to distribute. The fact that they knew it was flour is legally irrelevant.

What!?!?!?

[mr_resident]

HE's not Philip Cummings!

I AM!!!

Depends on the industry

When I worked for a broker, I had access to client SSNs, clearing house info for EFT, the whole nine yards. We were monitored, but that only went so far. Our tech support guys had all the same info.

Oh, we passed all the industry regulation background searches, etc. In fact, I saw a number of people kicked out of my training class when the searches uncovered bounced checks, forgeries, and other financial crimes. But that's the thing - many people who do that stuff do keep trying to get jobs in the industry. Which makes me think there's a high likelihood that people prone to doing that in general try to take those jobs. I know it's a bit presumptuous, like assuming all pedophiles without records will try to get jobs with kids simply in order to molest them - I'm sure less than 100% of them molest, but as an aggregate group they're unsafe - and it scares me to know how open this access is, especially when I know what they get paid and the educational requirements involved for the job.

No way

[siskbc]

There are other ways for a lender or landlord to learn whether a person is a risk. Most people have a reputation in their community that one need only ask to learn. Most credible people can provide credible references. The current addiction to putting everyone's number in a New Jersey database does more harm than good, especially when folks like Cummings come along.

Like hell. First, that would be as useful as the references on a job application - no one pays attention to those, because if you can't get 3 friends to lie for you, you must be a real psychopath, let alone a credit risk. Second, those recommendations are only any good when considering the character of the referrees, so this quickly becomes a boundless recursive problem.

Also, where are these little communities anymore where everyone knows each other? Do you live in Mayberry? I know like 5 people in my entire building.

Overall, this process of trying to holistically determine credit worthiness without a centralized system would be slow as hell and obscenely expensive, if for no other reason than it would be so ineffective that banks would have to charge higher rates to account for their inability to determine credit worthiness. I don't like credit fraud either, but let's not toss the baby with the bathwater here.

And if nothing else, what if you move? Do you just get charged the highest possible rate in your new town because the community doesn't know you?

Re:No way

[lubricated]

> I live in Dickinson, North Dakota.

population 16,000 in the middle of a state that's in the middle of nowhere.

And thus you know everything there is to know about meeting people in New York City.

Re:No way

[dirkdidit]

the middle of a state that's in the middle of nowhere

Not to nitpick or anything, but Dickinson is slightly west and south of the middle of nowhere. The middle of nowhere is actually in Rugby, ND, which is the geographic center of North America.

This isn't about fake id's

[Phil+John]

it's about stealing people's identities (by obtaining as much information about them) and setting up loans etc. in their name. The criminals then don't repay, the loan company comes knocking on the victims door and they then have to spend time and money reinstating their good name and credit rating.

Identity theifs really are the lowest of the low as far as "white collar" crime goes, I hope this guy rots in a stinking cell for as long as possible.

In Other News...

[AmberBlackCat]

To add insult to injury, Mr. Cummings has now learned that everything he has purchased with his stolen ID's has been confiscated, including his new robot... his new girl robot. Heh heh heh...

Meanwhile, at George Mason University....

[44BSD]

32,000 staff and student ID records, including photographs and SSN's have been exposed to {h|cr}ackers, possibly for as long as two months. GMU is home to The Center for Secure Information Systems. In other news, the cobbler's children are going barefoot...

Why do you call this THEFT?

[r6144]

I agree with many slashdotters that copyright infringement is different from theft, so why do you call this "theft"? After all, the victim did not lose his identity, and if you consider the money as stolen (which may be true, but it is still somewhat different IMHO), it isn't the identity that got stolen...

I'm not condoning the behavior, I just don't like the wording.

Others countries dont have a credit report system

[droopycom]

France for example....

And their system is working fine.

As long as you have a paycheck or a parent with a paycheck that can back you up you can usually rent an appartement.

Also French people use credit a lot less tahn American, and I guess thats better for everybody.

Re:As a victim of identity theft....

[dabigpaybackski]

Come to think of it....maybe a public execution would be in order.

We could get one of those dudes from Saudi Arabia, you know, the guys with the big scimitars who lop off the heads of criminals. Then we put up billboards of this glowering headsman everywhere with the message, "If you commit identity theft, I will cut your fucking head off."

Might make a dent at least.

What a moron

[erroneus]

You know, I feel that crime is bad and all... I wouldn't risk my future on it -- I know first-hand how damaging a felony can ruin a person's life as I've seen it. It's frightening really. Losing all those rights... even the ones you think you don't need. That said, it tweaks me more to see how stupid the average criminal really is. Take this guy for example.

Using information collected from your work place is a REALLY stupid thing to do. When masses of ID theft cases are compiled, it seems pretty obvious that these collections will have things in common such as places where the stolen information was used. It stands to reason that there would be one or two places where a collection will have information in common such as where they shopped. This fact brings the people responsible one big step closer to being caught. From there it's simply a matter of detective work to narrow the selection of people down to a few or even one.

When a crime is repeated over and over and over again, it simply increases the likelihood of being caught. I read somewhere here on Slashdot a bit of criminal advice that just makes too much sense. If you are going to commit a crime, make sure it has two criteria met: (1) It's big enough that it is worth the risks involved and (2) that you never EVER do it again.

Criminals get caught because they do it and keep doing it. They also don't seem to plan to get away with it. Stupid stupid stupid....

quid pro quo

[lubricated]

no one said anyone is allowed to rip people off. Simply that if you pay your employees shit, you get shit employees. Like this guy.

of course the creditor...

[Cryptnotic]

The actual "victim" in these cases is almost always the creditor

Of course, the creditor makes up that money by charging everyone higher interest rates. Also, it IS possible for identity theft to lead to someone walking into a bank with your info, SSN, valid ID, et cetera and clear out your bank account. But most of the time it's the far easier credit card fraud.

How do other countries do this?

[JRHelgeson]

The USA uses the Social Security Number to apply for credit. How do citizens of other countries apply for credit? What unique identifying number do they use to identify themselves? Do they have companies similar to Experian, TransUnion or Equifax?

Re:How do other countries do this?

[Joel+from+Sydney]

I'm not aware of a single repository for credit reporting data, though I don't work in the finance industry. I think our system works slightly differently in that we don't put as much emphasis on "credit". Most of our credit purchases are done via credit cards, which then makes it the financial institution's job to keep track of their own customers.

I'd be extremely surprised if they didn't share good and bad risk type information amongst themselves though.

As for the third question, identity theft seems as much of a problem here as it is in the US. Access to one source of compromised information generally reveals a multitude of data about a person. There's no reason that couldn't be used maliciously.

Re:Cummings, who is still free on bail, must repor

[Hatta]

And how would you get there? Hidden in the back of a car or in someone's luggage? You won't get through customs. Your passport is definitely revoked in such case.

Yeah, if only he had some way of getting a new identity.

Re:Small towns suck.

[dirkdidit]

Hey now, we're not all hicks up here. Yes, we have those people who part cars on blocks in front of their trailer, but so does every other state.

We're rather intelligent, atleast when it comes to test scores. North Dakota has some of the highest educational test scores in the nation. We might live in a rural part of the country, but that doesn't mean we just live scattered out on the prairie, drinking beer and riding our tractors. Most people in North Dakota actually live in cities (well, what we call cities...population 10,000 or more) and have jobs in the service industry. Agriculture is a huge part of our state economy, however its really made up of a rather small group of people, and even the farmers usually aren't too hickish.

Tourism is our second largest industry-sector, behind agriculture. You'd be surprised what North Dakota has to offer.