“All it takes is a single insider at a company … to set an identity theft ring in motion.” That comment from Manhattan District Attorney Cyrus Vance illustrates how easy it is to have your identity stolen — or how impossible it is to avoid it.
Vance's office announced today that it had indicted five people on a total of 394 counts, for allegedly belonging to an identity theft ring that stole the identities of patients at a Manhattan dental office, and used them to fraudulently buy Apple gift cards which in turn were used to buy Apple merchandise.
According to the indictment, Annie Vuong spent six months in 2012 working as a receptionist in a dentists' office. During that time, she allegedly copied the personal identifying information of more than 250 patients, including their names, brithdays, addresses, and Social Security numbers.
Vuong then allegedly emailed the information to Devin Bazile, a former sales associate at Apple, who allegedly used the data to apply for and receive “instant credit.” The indictment also claims that three additional employees from Apple stores helped take part in the scheme.
In all, the group is accused of buying more than $700,000 worth of fraudulent Apple gift cards.
“Using stolen information to purchase Apple products is one of the most common schemes employed by cybercrime and identity theft rings today,” Vance said. “We see in case after case how all it takes is single insider at a company – in this instance, allegedly, a receptionist in a dentists’ office – to set an identity theft ring in motion, which then tries to monetize the stolen information by purchasing Apple goods for resale or personal use.”
Coincidentally, District Attorney Vance's office made the announcement less than one day after the Anthem insurance company admitted that hackers had successfully breached a database holding the personal information of 80 million current and former Anthem customers.
Of course, the Anthem breach impacts exponentially more people than does this small identity-theft ring which allegedly targeted a relative handful of dental patients in Manhattan. (Statistically, there's a good chance at least one of those patients had medical coverage through Anthem, too, because rare indeed is the modern American who only needs to worry about one level of identity theft.)
But those 80 million Anthem customers and couple hundred Manhattan dentists' patients have this in common: their personal information made it into the hands of thieves, yet there was nothing those customers could've done to prevent it. A chain is only as strong as its weakest link, and your personal information is only as secure as the least-secure company that has it.