By Geoffrey Fattah
April 10, 2008
Federal officials said a former state employee who took applications
from people seeking food stamps and other welfare aid worked with three
others to steal the identity of Utah residents and charge tens of
thousands of dollars in purchases.
During a joint press conference Thursday, federal and state officials
said this was the largest security breach at the Department of Workforce
Services and were working to re-instate the public's trust.
"It is a particularly gross crime," said U.S. Attorney for Utah Brett
Authorities unsealed indictments against four individuals, including one
Charged were Joshua Smith, 32, of Murray; Michelle Chapman, 29, of
Murray; John Johnstun, 44, or Midvale and Laura Bustamante, 34, of
Authorities said Bustamante had worked on and off with the DWS as early
as 2000 and recently had worked as an eligibility specialist, taking
applications from Utah residents applying for food stamps, financial
aid, child care programs including CHIP and Medicaid.
Deputy DWS Director Christopher Love said Bustamante had access to a
database containing personal information from as many as 1,775
individuals, including addresses, Social Security numbers and images of
Tolman said an investigation showed less than 100 accounts were used to
take out credit cards by the group. According to the indictment,
Bustamante would forward to her friends personal information from a DWS
database via phone or text. The group would then apply for credit cards
using the stolen information. Tolman said on a few occasions the group
charged as much as $10,000 to $12,000.
According to the Secret Service, the ID theft began in September of last
year. A report of a stolen car last January, in addition to a tip called
in to DWS, sparked the investigation. A search at a downtown hotel room
where Chapman and Smith were staying yielded a fake state ID card and
several credit cards in the name of DWS customers.
Love said Bustamante was immediately placed on administrative leave upon
receipt of the tip and she was later terminated.
DWS officials said they were doing everything they could to help victims
sort out their credit. Love said the department has sent letters to all
DWS customers who were at risk and have contacted known victims by
phone. The department has also set up a security support line to help
them take steps to minimize the impact of the ID theft. The Utah
Attorney General's Office has also established a Web site where
customers can obtain free credit reports and learn how to identify
potential fraudulent charges.
Love also said DWS is taking steps to review its security policies and
has also installed an internal tip hotline for its employees. Bustamante
had recently moved from a DWS satellite office and was telecommuting
from her home.
Bustamante is charged with one count of computer fraud, two counts of
aggravated identity theft and one count of destruction of records.
Johnstun is charged with one count of destruction of records. Smith and
Chapman are each charged with one count of access device fraud and one
county of aggravated identity theft.
The penalty for computer fraud is up to five years in federal prison.
Destruction of records carries up to 20 years in prison. Access to
device fraud is up to 10 years and aggravated identity theft carries a
mandatory-minimum sentence of two years and must be stacked against any
"We sincerely regret this breach of security," said DWS Executive
Director Kristen Cox in a statement. "Our former employee's alleged
misconduct certainly does not represent the long-standing honesty,
integrity and dedication of our staff to the well being of each and
every one of our customers."
DWS points out that after employing over 2,300 individuals, this is the
first instance of identity theft by an employee in the department's
Subscribe to InfoSec News