[BreachExchange] Man jailed for using data breach info leaks to claim over $12 million in IRS tax refunds

Destry Winant destry at riskbasedsecurity.com
Mon Jan 13 10:11:52 EST 2020


https://www.zdnet.com/article/man-jailed-for-using-data-breach-info-leaks-to-claim-over-12-million-in-irs-tax-refunds/

A St. Louis resident has been sentenced to four years behind bars for
stealing the identities of US citizens to file fraudulent tax return
claims, made possible through data leaked in security incidents.

Babatunde Olusegun Taiwo, alongside co-conspirators including Kevin
Williams, used the personal identifying information (PII) of
individuals leaked due to a data breach at a payroll company to file
false returns with the US Internal Revenue Service (IRS), the US
Department of Justice (DoJ) said on Thursday.

The payroll company's data breach impacted hundreds of individuals,
including school district employees across Alabama and Mississippi.

Information stolen from the company included enough PII to be able to
file tax returns and refunds claims. Taiwo attempted to conceal the
fraudulent scheme by "filing the tax returns under electronic filing
identification numbers that the IRS issued to tax return preparation
businesses that they obtained without authorization," prosecutors say.

Submitted claims requested that refunds be sent to their addresses in St. Louis.

The DoJ says that in total, over 2,000 fraudulent returns were filed
in an attempt to claim more than $12 million. The IRS paid out
$889,712 before the scam was exposed.


Taiwo will serve his time in prison alongside three years of
supervised release. He has also been ordered to pay back every cent
the IRS issued.

Williams was previously sentenced to 6.5 years in prison not only for
his role in the ID theft, but also for voter fraud and for re-entering
the US after being removed from the country.

"We will continue to pursue criminals who prey on innocent victims and
we will continue to enforce our nation's tax laws," said Thomas
Holloman, Special Agent in Charge at the IRS Criminal Investigation
Atlanta Field Office. "Today's sentencing should send a clear message
to would-be criminals -- you will be caught and you will be punished."

On Thursday, the DoJ said in a separate release that an Indian
national, Hitesh Madhubhai Patel, has pleaded guilty to operating a
number of scam call centers in India.

Between 2013 and 2016, the call centers were used to scam victims out
of millions of dollars by impersonating IRS and US Citizenship and
Immigration Services (USCIS) employees, threatening victims with
arrest, deportation, fines, and jail time unless they paid money they
apparently owed to the US government.

Victims were made to either wire funds directly or purchase cards.
Runners were used in the US to launder and liquidate the illegal
proceeds of these scams.

Sentencing is set for April 3, 2020. Patel faces up to 20 years in
prison, as well as "a fine of up to $250,000 or twice the gross gain
or loss from the offense," prosecutors say.

A total of 24 individuals also believed to have participated in these
schemes have been convicted.


More information about the BreachExchange mailing list