Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims
upstart writes in with an IRC submission:
Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims:
In June, KrebsOnSecurity was contacted by a cybersecurity researcher who discovered that a group of scammers was sharing highly detailed personal and financial records on Americans via a free web-based email service that allows anyone who knows an account's username to view all email sent to that account - without the need of a password.
The source, who asked not to be identified in this story, said he's been monitoring the group's communications for several weeks and sharing the information with state and federal authorities in a bid to disrupt their fraudulent activity.
The source said the group appears to consist of several hundred individuals who collectively have stolen tens of millions of dollars from U.S. state and federal treasuries via phony loan applications with the U.S. Small Business Administration (SBA) and through fraudulent unemployment insurance claims made against several states.
KrebsOnSecurity reviewed dozens of emails the fraud group exchanged, and noticed that a great many consumer records they shared carried a notation indicating they were cut and pasted from the output of queries made at Interactive Data LLC, a Florida-based data analytics company.
Interactive Data, also known as IDIdata.com, markets access to a "massive data repository" on U.S. consumers to a range of clients, including law enforcement officials, debt recovery professionals, and anti-fraud and compliance personnel at a variety of organizations.
The consumer dossiers obtained from IDI and shared by the fraudsters include a staggering amount of sensitive data, including:
-full Social Security number and date of birth;
-current and all known previous physical addresses;
-all known current and past mobile and home phone numbers;
-the names of any relatives and known associates;
-all known associated email addresses
-IP addresses and dates tied to the consumer's online activities;
-vehicle registration, and property ownership information
-available lines of credit and amounts, and dates they were opened
-bankruptcies, liens, judgments, foreclosures and business affiliationsReached via phone, IDI Holdings CEO Derek Dubner acknowledged that a review of the consumer records sampled from the fraud group's shared communications indicates "a handful" of authorized IDI customer accounts had been compromised.
Read more of this story at SoylentNews.