Operators of a widespread identity-theft and fraud scheme have bilked thousands of U.S. servicemembers and veterans out of millions of dollars in stolen funds and Veterans Affairs (VA) benefits payments.
Fredrick Brown pled guilty this week, revealing that in his role as a civilian medical records administrator for the U.S. Army at the 65th Medical Brigade, Yongsan Garrison, South Korea, he used his access to the Armed Forces Health Longitudinal Technology Application to steal the personal identifying information (PII) of thousands of military members. The PII included names, Social Security numbers, Department of Defense (DoD) ID numbers, dates of birth and contact information. The theft was carried out from July 2014 to September 2015 by taking screenshots of the servicemembers’ records.
Brown admitted that he took the stolen data and gave it to a co-defendant, Robert Wayne Boling Jr., who went on to allegedly monetize the PII. Boling and his Philippines-based co-defendants, Allan Albert Kerr (an Australian citizen) and Jongmin Seok (a South Korean citizen), allegedly used the information to pose as servicemembers and access DoD and VA benefits portals. Once through the portal, the defendants are alleged to have accessed detailed benefits records to steal millions of dollars from military members’ bank accounts and intercept veterans’ benefits payments, according to the U.S. Department of Justice.
The scheme unravels further: Boling then allegedly worked with co-defendant Trorice Crawford to recruit money mules — individuals who would deposit the stolen funds into their bank accounts and then send the funds through international wire remittance services to the defendants and others in a money-laundering operation, according to the DoJ.
U.S. servicemembers are often the target of scammers. Last year, prisoners incarcerated in South Carolina posed convincingly as beautiful women on social media platforms to “catfish” members of the military. The scam affected 442 service members from the Army, Navy, Air Force and Marine Corps and swindled them out of more than $560,000. Meanwhile, their PII has been repeatedly exposed in data exposures, including the recent Autoclerk incident, where a leaky database owned by the reservations management system exposed the personal data and travel information for thousands of users – including U.S. government and military personnel.
Sentencing for Brown is scheduled for early February; he pled guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to launder monetary instruments – and he faces up to 20 years in federal prison for each conspiracy charge.
Boling, Crawford, Kerr and Seok are charged with multiple counts of conspiracy, wire fraud and aggravated identity theft. Crawford remains in federal; and Boling, Kerr and Seok are in custody in the Philippines awaiting extradition.
What are the top mistakes leading to data breaches at modern enterprises? Find out: Join experts from SpyCloud and Threatpost senior editor Tara Seals on our upcoming free Threatpost webinar, “Trends in Fortune 1000 Breach Exposure.” Click here to register.