[BreachExchange] Fired CPS Employee Steals Personal Data Of 70, 000 People, Charged With Multiple Felonies
Destry Winant
destry at riskbasedsecurity.com
Mon Nov 5 00:25:16 EST 2018
https://chicago.cbslocal.com/2018/11/01/cps-employee-data-theft/
When Chicago Public Schools fired an employee recently, she left her
job with more than just her final paycheck.
Police say the employee, 28-year-old Kristi Sims of Hickory Hills,
allegedly took the personal information of about 70,000 people
contained in a CPS private database.
Sims was a temporary employee who worked in the CPS information
center, police said. She may have stolen the data in retaliation for
being fired, police said.
After she was fired, she copied–then deleted–a database with
information police described as “sensitive.” The stolen information is
attached to CPS employees, volunteers and others, according to police.
Sims was arrested on Wednesday, and charged Friday with one felony
count of aggravated computer tampering/disrupting service and four
felony counts of identify theft. A former prosecutor said the crime
was likely to carry federal charges.
Renato Mariotti is a former federal prosecutor who says the crime
could come with stiff penalties because the allegations involve a mass
amount of personal data stolen from a public institution.
“Typically I will tell you a (lot of) complex white collar cases are
handled by the feds here in Chicago– seems like the sorta case they’d
be interested in,” Mariotti said.
A resume posted online shows Sims was studying for a degree in criminal justice.
An email CPS sent Thursday to the people affected by the data breach
details the personal information stolen. It includes names, employee
ID numbers, phone numbers, addresses, birth dates, criminal histories
and any records associating individuals with the Department of
Children and Family Services.
CPS’s email reads, “There is no indication the information, which was
in the individual’s possession for approximately 24 hours, was used or
disseminated by anyone in any way.”
More information about the BreachExchange
mailing list