US Passport Agency Contractor Stole Applicants' Data To Steal Their Identities

An anonymous reader writes: According to federal prosecutors three women are responsible for an identity theft and wire fraud scheme targeting both the Houston and Atlanta passport agencies. Chloe McClendon, Alicia Myles, and Dominique Thomas are accused of stealing personal information from the passport administration and transmitting it back and forth between one another. The stolen information was used to obtain lines of credit in order to purchase iPhones, iPads and other electronics. The scheme went on for over five years.

A private contractor

[humptheElephant]

Here's the case of a for profit contractor, probably charging a 300% overhead, not checking out their employees well enough. But hell, why not, more profits, more pay for the CEO. The government can pay it, its rich. Someone knows someone to get these folks a good paying contract.

Re:A private contractor

[meglon]

Grow a brain then try using it. The root cause is greed, enabled by the privatization of what should be a government function. Your stupid asshatery hatred of the government IS part the problem. This shouldn't be tagged "government" it should be tagged "private contractors," but sadly there's too many idiots who want to say government is bad all the time without seeing that many issues with government stem from the private sector committing various frauds and thefts from said government.

For the record, i don't have a passport... and i'm not such a fucking idiot that i think the government is going to come shoot me because i don't. I swear, peoples IQ must have dropped by 50 points in the last 30-40 years or so. There's just that many more fucking idiots than i remember while growing up.

Re:A private contractor

[TsuruchiBrian]

The root cause is not greed... Unless you think nothing causes greed.

Even the passport office isn't corruption free.

[Anonanonaon]

Imagine the back door dealings bonanza the anti-privacy industry will provide.

Just look at the nuclear missiles rotting away in staffed-by-stoners facilities today. The government may (MAY) be sort of secure, keeping your info available only for high level thugs to play with, (the kind of people who steal your money with much more sophisticated schemes than robbing you of your wallet), but one day some lame hood with tattoos on his neck will be helping himself.

Re:Unnecessary

[TWX]

The problem is, entities that are willing to extend credit or otherwise deal with fairly large sums of money generally want to guarantee that the person they're doing business with is indeed who they claim to be. They attempt to collect such information to use it for verification, but when too many entities collect this information then inevitably it gets stolen or accidentally exposed. Unfortunately there's no real-world equivalent of PGP signing or other means to generate a one-way signature that can prove that the individual is who they claim to be. I don't see a practical way to create such a thing either, between the potential for abuse and the need to ensure that if such a system were created, that it would secure from all those that would seek to exploit it.

The real solution is to stop engaging in transactions that need such means when they're not necessary. That would probably slow the economy though, and if we don't, "spend, spend! SPEND!" then many believe that it harms the country.

Why, why, why.

[sotweed]

What possible reason is there for the passport office to need to expose this information outside the agency?

How can it possibly be worth the risk, even if there is some minor function which they outsourced to the
fraudsters.

The gummint ought to be forced to do an analysis of the risk and value before the outsource a function
which provides this kind of access to the data of citizens. Private companies might do well also to do it.

Re:Why, why, why.

[AK+Marc]

Because the Passport is considered ID, so the government does checks on the information to verify it, and those checks may be specialized or troublesome, so they contract them out. Though, they don't do a good job of it.

But who background checks the background checkers?

Re:Why, why, why.

[Ryanrule]

this was a PRIVATE contractor. it was being used because BIG GOVT BAD BIDNESS GOOD MAKE MORE BIDNESS.

Re:Why, why, why.

[dunkindave]

I worked for a while in a facility that required everyone to have a government security clearance. The management once sent out a notice telling people to lock up anything valuable when unattended since there had been some thefts. The notice reminded people that the background checks are designed to determine if the person can be trusted to protect the government's information, not that they in general are honest people. You would hope there is a massive overlap between those two groups, but apparently there are people they feel wouldn't sell out their government, but would sell out their coworkers. Of course if caught, having a criminal record mostly excludes the ability to get or keep the clearance.

Why the contractors?

Why commission contractors to handle tasks that are really the remit of government? Especially when you consider that there are thousands of government agencies, many of which are doing things that are highly questionable or even entirely not the proper remit of government.

IRS e-file risk

[Skapare]

this is the concept of why i do not use e-file for my annual tax filing. the e-file scheme give some filing company a lot of personal info. i trust the IRS more than any of those businesses. i used one once (a major name) and got marketing mail from them for 5 years.

One way to disincentivize this behavior

[MikeRT]

A few years working on a chain gang in the deep south cleaning up highways would do wonders to make most identity thieves think twice.

Re:Unnecessary

[gsslay]

A good solution would be to stop calling instances like this "identity theft" (a person has had their identity "stolen") and instead call it what it is; "identity fraud" (a company has been fooled into thinking a thief is someone else and given them money).

Once it's clearer that the victim is the company, and not the person, then they might start taking the process of handing out money a bit more care over ensuring that people are who they claim to be.

Have said this many times ...

[gstoddart]

The biggest risks to us isn't us, it's the clowns they hire ostensibly to keep us safe.

The cops. The TSA agents. Customs agents. The baggage claims people. The people who processes passports.

All of these people have FAR more access to really make a mess and break the law.

So, as usual, the watchers are the ones who aren't watched nearly enough and who do the most damage. The rest of us get treated like cattle, and they never find anything.

Re:Unnecessary

[Jason+Levine]

As someone who had his Identity stolen/used, I can attest that the person is a victim also. I was lucky, relatively speaking. The thieves opened a credit card in my name, using my name, address, DOB, and SSN. (Interestingly, they got Mother's Maiden Name wrong, but that didn't raise any red flags.) They paid for rush delivery of the card and THEN changed the address. (Second red flag missed: Immediately changing the address to a different state right after opening the card.) Due to a quirk in processing, the card got sent to me. Had it been sent to them, they would have charged up a storm and the collections agency would have banged down my door for me to pay the $5,000+ debt.

Identity theft victims - the people, not the companies - can find their credit rating shredded. They can spend years trying to repair the damage that an Identity thief ruins in a weekend of binge buying. And this doesn't even get into Criminal Identity Theft where an arrested criminal gives your name, SSN, DOB, etc to the police so that you wind up with a criminal record without ever having committed any crimes. And good luck getting all of the police systems corrected. They all feed into one another so fixing one means the bad data will just flow back into it.

Like I said, I was lucky. I still need to spend the rest of my life with my credit file frozen - my information is out there and could be used to open new accounts at any point if I left it unfrozen. It means that any time I need my credit file used (new car loan, credit check, opening a new credit card, etc), I need to pay to thaw my accounts for a limited period of time and hope that the transactions complete in that time frame.

Re:Unnecessary

[Bob+the+Super+Hamste]

It isn't "identity fraud", now you are just making up terms. There is actually a legal term and laws against this already called Wire Fraud or Mail Fraud. Too bad prosecutors and investigators don't put the screws to these idiots and send them off to federal pound me in the ass prison. The get charged with things but only small fraud charges and the victims of the original fraud then go off to further victimize others.

The one time I was contacted about having some huge credit card bill that was late by some credit card company, I politely told that that I have never requested nor received a card from them. I then informed them that since I had never personally opened an account with them they were attempting to commit wire fraud at this point and that if they pursued this matter I would be filing wire fraud chargers against them. Additionally I told them that reporting a non payment or late payment or any such action on my credit report I would consider to be libel and would file a suit against them for that. It is amazing how quickly their tone towards you changes when doing something like that. They immediately apologized and in short order got things cleared up and I even received a letter in the mail from them stating that I was not the owner of that debt and that all issues related to it had been taken care of. Granted this was with American Express and I have heard that they actually have pretty good customer service but it did seem to cut through the bull shit pretty quick.

Re:Unnecessary

[cusco]

After twice asking Bank of America to stop sending the stupid "convenience checks" linked to our credit card, someone stole some out of the mail box and wrote a $996 check. We got it canceled, and found out that they chose that amount because over $1000 was a felony and the police won't bother investigating misdemeanor fraud. BoA cancelled our card and reissued new ones immediately, but my wife was in Peru. I tried to stop or delay the cancellation but their customer service person said that it was required, she didn't have a choice. Fortunately Rosa had a debit card and was able to withdraw cash until I could overnight the new one down to her when it arrived a week later, but she would have had problems if she were in a smaller town.

BoA finally stopped sending the checks after that.

Re:Unnecessary

[TsuruchiBrian]

I would say that the "person" is not the victim, except that in the process of stealing the money, they identity fraudster also ruins the person's credit, making it impossible or just very hard to correct.

If somebody steals money from a bank, but also causes me to lose the ability to borrow money to good interest rates for years, while I must spend countless hours trying to fix information about myself by dealing with various bureaucracies with no real motivation to help me, then I am also a victim.

In a lot of cases of identity fraud the amount of money that is stolen is worth less than the time and effort it takes to repair your reputation.