Software consultant who stole data on 110,000 people gets five-year sentence

He later attempted to sell the info

A Michigan man who illegally accessed personal data on more than 110,000 people while working as a software consultant for an insurance company -- and then later tried to sell the information -- was sentenced to five years in federal prison in Nashville yesterday.

In addition, Binyamin Schwartz, 28, of Oak Park, Mich., was sentenced to two years of supervised release following his imprisonment and was ordered to pay nearly $520,000 in breach-related costs to Sentry Insurance Co., the firm from which he stole the data.

A statement released by the U.S. attorney's office in the Middle District of Tennessee said that Schwartz initially offered to sell the names, addresses, Social Security numbers and dates of birth for 36,000 individuals to an undercover Secret Service agent in June 2006. Schwartz had stolen the information from Stevens Point, Wis.-based Sentry Insurance Co. and negotiated its sale over the Internet using an assumed identity.

He was arrested when he flew from Detroit to Nashville to exchange the information in return for $25,000 in cash. At the time of his arrest, Schwartz had with him another database containing personal data on an additional 75,000 individuals.

Schwartz, who also admitted to selling about 70 records to two other people, was arrested and later convicted on charges of identity theft, aggravated identity theft, access device fraud and wire fraud.

"Fortunately, in this case, the United States Secret Service recovered the personal information for most of these individual victims before Mr. Schwartz could sell that information to others," U.S. Attorney Craig Morford said in the statement.

The case is only the latest in a series of such incidents that have highlighted the dangers to corporate data from trusted insiders.

Only last week, Fidelity National Information Services Inc., an electronic check processing firm, disclosed that one of its database administrators had illegally accessed personal records belonging to about 2.3 million consumers and sold them to direct marketers. The breach prompted a public apology from Fidelity National's CEO and forced it to send letters notifying all affected consumers of the potential compromise of their personal data.

In February, the U.S. District Court in Delaware unsealed the details of a case involving a scientist at DuPont named Gary Min who admitted to downloading and stealing information worth $400 million from the company. Over a five-month period before he joined another company, Min downloaded about 22,000 document abstracts from DuPont's Electronic Data Library server and accessed another 16,700 full-text PDF files without being detected. The various documents covered most of the company's major products and technologies, including some that were still in the research-and-development stage.

Copyright © 2007 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon