Authorities: State employee used confidential information in identity fraud case

Authorities: State employee used confidential information in identity fraud case
Authorities: State employee used confidential information in identity fraud case,5143,695269275,00.html 

By Geoffrey Fattah
Deseret News
April 10, 2008

Federal officials said a former state employee who took applications 
from people seeking food stamps and other welfare aid worked with three 
others to steal the identity of Utah residents and charge tens of 
thousands of dollars in purchases.

During a joint press conference Thursday, federal and state officials 
said this was the largest security breach at the Department of Workforce 
Services and were working to re-instate the public's trust.

"It is a particularly gross crime," said U.S. Attorney for Utah Brett 

Authorities unsealed indictments against four individuals, including one 
state employee.

Charged were Joshua Smith, 32, of Murray; Michelle Chapman, 29, of 
Murray; John Johnstun, 44, or Midvale and Laura Bustamante, 34, of 

Authorities said Bustamante had worked on and off with the DWS as early 
as 2000 and recently had worked as an eligibility specialist, taking 
applications from Utah residents applying for food stamps, financial 
aid, child care programs including CHIP and Medicaid.

Deputy DWS Director Christopher Love said Bustamante had access to a 
database containing personal information from as many as 1,775 
individuals, including addresses, Social Security numbers and images of 
bank statements.

Tolman said an investigation showed less than 100 accounts were used to 
take out credit cards by the group. According to the indictment, 
Bustamante would forward to her friends personal information from a DWS 
database via phone or text. The group would then apply for credit cards 
using the stolen information. Tolman said on a few occasions the group 
charged as much as $10,000 to $12,000.

According to the Secret Service, the ID theft began in September of last 
year. A report of a stolen car last January, in addition to a tip called 
in to DWS, sparked the investigation. A search at a downtown hotel room 
where Chapman and Smith were staying yielded a fake state ID card and 
several credit cards in the name of DWS customers.

Love said Bustamante was immediately placed on administrative leave upon 
receipt of the tip and she was later terminated.

DWS officials said they were doing everything they could to help victims 
sort out their credit. Love said the department has sent letters to all 
DWS customers who were at risk and have contacted known victims by 
phone. The department has also set up a security support line to help 
them take steps to minimize the impact of the ID theft. The Utah 
Attorney General's Office has also established a Web site where 
customers can obtain free credit reports and learn how to identify 
potential fraudulent charges.

Love also said DWS is taking steps to review its security policies and 
has also installed an internal tip hotline for its employees. Bustamante 
had recently moved from a DWS satellite office and was telecommuting 
from her home.

Bustamante is charged with one count of computer fraud, two counts of 
aggravated identity theft and one count of destruction of records. 
Johnstun is charged with one count of destruction of records. Smith and 
Chapman are each charged with one count of access device fraud and one 
county of aggravated identity theft.

The penalty for computer fraud is up to five years in federal prison. 
Destruction of records carries up to 20 years in prison. Access to 
device fraud is up to 10 years and aggravated identity theft carries a 
mandatory-minimum sentence of two years and must be stacked against any 
other sentence.

"We sincerely regret this breach of security," said DWS Executive 
Director Kristen Cox in a statement. "Our former employee's alleged 
misconduct certainly does not represent the long-standing honesty, 
integrity and dedication of our staff to the well being of each and 
every one of our customers."

DWS points out that after employing over 2,300 individuals, this is the 
first instance of identity theft by an employee in the department's 

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods