Holy Angel University

College of Criminal Justice Education and Forensics

#1 Holy Angel St., Angeles City

Bautista, Sean G.
Esguerra, Lincoln G.
Lansangan, Edlyn Clarivel J.
Roque, Nathanael John L.
5128 - FSCOMFORL

Mr. Eduard M. Dimalanta

Professor, Computer Forensics Laboratory

October 2023
 The Largest Identity Theft Case in United States and Canada
The Case of Philip Cummings

Over the years, identity theft has become a prevalent threat that has expanded into a
highly sophisticated and profit-making criminal enterprise. In the history of identity theft cases,
one case stood out as the largest ever in the History of Canada and the United States, as
investigated and prosecuted, affecting a staggering 30,000 victims and resulting in millions of
dollars in financial losses. The center of this case was a crooked "insider," Philip Cummings,
whose actions forever changed the lives of many. Cummings was a help desk employee at a
Long Island, New York, company (Teledata Communication Inc.), providing specialized
software to its clients, including banks and financial institutions. The software allowed clients to
access consumer credit reports from the three major commercial credit reporting agencies. With
Cummings’ line of work, he held the keys to access thousands of accounts. He had access to
clients' codes and passwords, allowing him to download consumer credit reports at will.
Cummings' rise into criminality began when a ring of Nigerian nationals approached him,
offering to pay for these confidential credit reports. He seized the opportunity, and even after
leaving his job, he continued exploiting his insider knowledge, downloading and selling credit
reports to the identity theft ring for another two years. The consequences of his actions led him
to be prosecuted and sentenced to 14 years in Manhattan, with the damage he caused
described as “almost unimaginable.”

As investigated by the FBI in collaboration with the Secret Service and Postal Inspection
Service, their objective is to uncover and prosecute the individuals responsible for the reported
massive identity theft scheme (Largest Case-to-Date of ID Theft, n.d.). The FBI's investigation
aims to hold those individuals accountable and bring those responsible to justice. The FBI
aimed to pull apart this complex criminal operation, involving unauthorized access to
sensitive consumer credit information. They determined the full extent of the financial
loss and the various forms of identity fraud experienced by the victims, such as drained
savings accounts, unauthorized credit card usage, altered addresses, and other
fraudulent activities. The investigation aimed to not only hold the perpetrators
accountable but also to provide compensation to the victims. FBI's efforts send a clear
message that cybercrimes of this nature will not go unpunished. T he damage caused by
Cummings's actions led to a devastating loss. Thousands of personal savings accounts were
drained, and fraudulent charges rapidly accumulated on credit cards. This identity theft ring was
particularly cunning, changing the addresses on victims' bank accounts, and ensuring that new
credit, check, and ATM cards were mailed directly to the perpetrators. Herein, his crimes
strongly constitute a data breach, where he as an unauthorized individual gained access to
confidential/sensitive information of individuals. The ripple effect of this criminal operation was
profound, affecting countless lives.

Identification of the Problem

 In the case of Philip Cummings, considering data breach as its primary focus, the
unauthorized access issue revolved around the misuse of confidential passwords and codes. As
a former TeleData Communications Inc. (TCI) employee, he provided software for banks and
other entities to access consumer credit information from big credit history bureaus, such as
Experian, Equifax, and TransUnion (Rosencrance, 2002). With Cummings' capacity as a help
desk employee, his duty includes privileged access to these confidential codes and passwords
meant for legitimate business purposes. However, he misappropriated these codes and
passwords for unlawful activities (King, 2023). In this case, the unauthorized access issue
includes insider exploitation, illicit sale of credit reports, compromisation of codes, persistent
code misuse, the extent of unauthorized access, and enabling further fraud. As an insider of
TCI, Cummings used his position to exploit his access for personal gain. Accordingly, even in
early 2000, as he agreed to provide credit reports to his co-conspirator in exchange for money,
he illicitly provided these reports for profit. Aside from providing the reports to his co-conspirator,
he gave the passwords and codes to his co-conspirator, referred to as "CW," allowing them to
access major credit bureaus' databases. As a result, it enables them to download credit reports
without the consumers' knowledge and consent. Even after moving to Georgia, Cummings'
involvement persisted as he facilitated the scheme by downloading credit reports for CW and
providing a pre-programmed laptop to continue their illicit activities. Furthermore, the extent of
his crimes continued and extended to numerous entities, compromising the confidential TCI
passwords and subscriber codes, including Dollar Bank, Ford Motor Credit Corp., Washington
Mutual Bank, and more. Cummings with his co-conspirator victimized thousands of consumers
by using their identities for fraudulent activities by depleting savings accounts, making
unauthorized credit card charges, and changing account addresses (Rosencrance, 2002; Delio,
2002).

Several critical vulnerabilities are exploited by perpetrators in this identity theft scheme.
First, insider access was misused as an employee had access to confidential passwords and
codes for illegitimate purposes. It continued for an extended period without detection due to
potential shortcomings in monitoring and auditing procedures. The compromised passwords
and subscriber codes revealed weaknesses in security credential management. Accordingly,
the scheme continued even after Cummings moved to another state, operating remotely,
indicating potential vulnerabilities in controlling remote access. Furthermore, it exhibits the gaps
in user education and training concerning the responsible and ethical use of access privileges,
as co-conspirators were able to exploit insider access. The use of insecure communication
methods highlighted potential weaknesses in authentication processes, contributing to the
success of this identity theft scheme.

The case of Cummings had profound and extensive impacts on both customer data and
the organization's reputation. With the consumers' data, it resulted in a loss of trust, widespread
identity theft, financial losses, and significant recovery efforts for affected individuals. Over
30,000 individuals fell victim to large-scale identity theft as their personal credit reports were
compromised due to the misuse of confidential passwords and codes by Philip Cummings,
leading to a ubiquitous identity theft crisis. The victims of this scheme experienced immense
financial disruptions that caused financial distress and necessitated extensive recovery efforts.
Herein, TCI suffered a loss of credibility and trust, legal consequences, operational disruptions,
and ongoing repercussions that raised concerns about data protection. Ultimately, this is a
reminder of the prevalence and expense of identity theft, emphasizing the potential
consequences of failing to protect sensitive information and the need to prioritize cybersecurity
and address security breaches ensuring data security and confidentiality.
Methodology

It started in the spring of 2001 when someone impersonating a Ford Motor Credit
representative started requesting reports of credit on consumers. The Ford imposter stole
approximately 13,000 credit reports before the end of the year. Hundreds of other companies
were imitated before authorities stopped the crime ring. According to authorities, Linus Baptiste
of New Rochelle, N.Y., who pleaded guilty last year to fraud, conspiracy, and fraud charges,
would obtain a list of names and social security numbers from "street criminals" of people
whose credit histories they wanted. Baptiste and Cummings would then set up access to the
credit reports by using the password Cummings had created. They would then sell the reports
for $60 each and split the profits.

By extracting, analyzing, and deciphering data stored on electronic devices, digital

forensic tools play a vital role in detecting and deterring computer crimes. Through
these tools, investigators can gather and store data essential for identifying crimes.
Digital forensic tools were significant in the investigation of Philip Cummings, revealing
his illegal activities.

Following the investigation by the FBI, Cummings' computers and devices were
searched for evidence using a variety of forensic tools. The data from his computer hard
drives, email accounts, and other digital storage mediums were obtained and examined
using programs like EnCase, AccessData's Forensic Toolkit (FTK), and X-Ways
Forensics. With the help of these tools, investigators were able to recreate Cummings'
actions, recover deleted files, and detect damaging evidence.

Aside from the various digital forensic tools, network forensic tools were utilized.
The use of these tools in this case was essential in determining the scope of his illicit
activities and tracking his digital footprint. Investigators were able to track suspicious
movement from Cummings' computer systems by monitoring network traffic logs and
packet captures. The connection patterns between Cummings' devices and the bank's
network were deciphered using network forensic tools, including Wireshark and
tcpdump. Hence, investigators were able to retrace the chain of events, identify the
stolen data, and learn how the system was breached (Home Security Heroes, 2022).

Evidence Collection

Federal agents from the FBI, in support of the U.S. When a major credit company
discovered that thousands of credit reports were being downloaded without authorization, the
Postal Inspection Service and the Secret Service had to step in to conduct an investigation.
Other companies soon reported precisely the same thing. An examination of the victim
companies' 1-800 phone records led investigators to the Long Island company that employed
Philip Cummings and, eventually, to Cummings and his criminal associates. Cummings pled
guilty to the massive scheme last month. His co-defendants will face trial soon.

More than 300 victims had spoken forward by the moment Cummings pleaded guilty to
conspiracy, wire fraud, and identity theft last September, describing how they battled with
finance companies to get rid of unauthorized demands on their credit cards and regain their
credit ratings. He acknowledged assisting in the theft of credit reports on approximately 33,000
consumers across the country, launching a scheme that earned thieves between $50 and $100
million. Cummings was charged with wire fraud and conspiracy in connection with his
participation in the nearly three-year-long scheme that involved over 30,000 victims (Man
Pleads Guilty in Largest ID Theft Case in US History , n.d.). Cummings earned around $30 for
every seized report, according to court documents. The data was distributed to at least 20
people, who then set out to profit from it, consuming a national network of criminals.

As stated by US Attorney James Comey, the identities were converted into money in a
variety of ways. Victims' bank accounts had become depleted, accounts had their addresses
altered, new checks were issued, new ATM cards were ordered, new credit cards were ordered,
and new lines of credit were opened rapidly (Goldenberg, 2017). One elderly woman had only
$1,000 in her bank account when she discovered that criminals had taken $35,000 from it.
According to the government, $50 million to $100 million was inevitably stolen.

Cummings gained access to his clients' codes and passwords, allowing him to download
virtually any consumer credit report he desired (Rosencrance, 2002). After being approached by
a ring of Nigerian nationals who offered to pay for copies, he did. Cummings carried on to use
his inside information to download and trade credit reports to this identity theft ring for another
two years after leaving the company. The thieves may have had new credit and ATM cards
transmitted directly to them by modifying a customer's personal information. More than 15,000
unauthorized credit reports have been accessed through a stolen Ford Motor Credit password,
making the scam a harder one to detect.

When a company discovered illegal downloads that impacted one of its customers, the
stolen password and subscriber code were disabled. But Cummings would simply provide the
information of another customer, allowing the scam to continue. Thousands of individual savings
accounts were robbed. Credit cards were charged with false charges. Bank account addresses
were altered so that new credit, check, and ATM cards could be transmitted directly to the
thieves.

Equifax identified that the password and subscriber codes for Ford's Decatur, Illinois,
branch had been misused to download 1,300 credit reports from its databases in September
and October 2002, based on the Complaint. Another 1,100 credit reports were accessed using
the passwords and codes of Washington Mutual Finance's branch in St. Augustine, Florida, and
over 4,000 additional credit reports were downloaded using the passwords and codes of six
more entities: Dollar Bank in Cleveland, Ohio; Sarah Bush Lincoln Health Center in Illinois; the
Personal Finance Company in Frankfort, Indiana; the Medical Bureau in Clearwater, Florida;
Vintage Apartments in Houston, Texas.According to the Complaint, in September 2002, Central
Texas Energy Supply's codes had been improperly utilized to download roughly 4,500 credit
reports from TransUnion. All of the companies stated above whose codes have been
compromised and exploited are TCI client companies.

Analysis and Findings

 Such unauthorized access to any personal or private information is unacceptable, for it
endangers the privacy and safety of the person who's being targeted. Resulting in a lot of
possible loss, such as stealing the identity of someone, unauthorized access to their financial
assets, or in the worst case, the safety and confidentiality of information that might cause an
alarm up to the national level. Economically and financially, such unauthorized access to any
protected information might cause danger to the economy and well-being of a country and its
people.
Thus, one must not leave their important information in broad daylight, to ensure that
no heinous person or motive should ever come to them with harm. Also, one must not be fooled
just because of some unrecognizable and unconfirmed information, for their source is either a
lie or unreliable, so no one may ever fall into the havoc of confusion, as to which is the very truth
and not. Secured and well-protected information, along with a strong mindset, can never be
fooled or even fall into such atrocities full of lies and deceit, where one follows blindly into the
nothingness and void end.

Legal and Ethical Considerations

Matters such as the rights for privacy, laws that protect both the suspect and the victim's
property, in any form, and the unwritten law of the sensitivity of information, are and can
become difficulties if an investigation is about to go, and the compliance of both parties if
needed. Difficulties may vary depending on the situation, either the technology that has been
used is more complex, numerous accounts that may cause inaccurate location of a person or
information, or the time and patience are given in a limited amount. Such a predicament may
either slow or speed up the progress of the case, which is why further and intense investigation
and research are needed.

The investigation process when it comes to these kinds of cases is a challenging one.
The investigation requires skill, knowledge, and thorough scrutiny while making sure that the
collected evidence and information will not cause further damage to the victims involved. It's a
challenging path, as the investigation needs to be careful and comprehensive, considering how
skilled Cummings and his conspirators are in engaging in these activities. Moreover, the issue
of access management, transfer of data, and errors and mishaps with gathering evidence may
become a problem as these criminals may get one step ahead of the law enforcement or
agency investigating the illegal activities involving data breaches.

The protection of rights and privacy of everyone involved must be considered in this
case. It requires thorough investigation to gather necessary warrants and legal permission to
collect evidence and data; and surveillance to impede violations of individuals' rights from
unreasonable searches and seizures by the government or any agency (U.S Fourth
Amendment rights). Accordingly, due process must be exhibited throughout the investigation.
Herein, the proper chain of custody and the handling of evidence must be upheld as cases such
as this involve sensitive financial information of thousands of individuals.

The privacy of customer information is prioritized. Adhering to the laws and regulations
concerning how the information of the entities involved must be protected and preserved,
considering how their history and transactions may be investigated to further establish if they
are victims of data breaches. Following the standard legal procedure for handling these cases,
it's crucial to protect the privacy and sensitive data of the victims, specifically the big companies
involved, to prevent such incidents from happening and prevent the information from being
further compromised.

The identity theft case involving Philip Cummings, that happened in the early 2000s,
presented some crucial lessons as well as insights about identity theft and its prevention. The
case emphasized the immense threat created by insiders, in this case, an employee who stole
personal information and committed identity theft. To prevent and detect such internal threats,
organizations must have strong security procedures in place. Cummings was able to take
advantage of his position since he was a well-liked employee. This highlights the importance of
doing extensive background checks on employees that possess control over sensitive personal
data. Continuous monitoring and auditing of sensitive information access can aid in the
detection and prevention of unlawful access. In this situation, regular surveillance could have
detected Cummings' illegal conduct beforehand.

This highlights the significance of how individuals and huge companies should take care of
personal and private information. As the largest identity case in US history, it clearly exhibits a
data breach. Approximately every 11 seconds, data breaches are happening more frequently.
With the prevalence of these incidents, in order to not become a victim of such criminal activity,
it's crucial to safeguard personal information (King, 2023). With the widespread occurrence of
these cases, it's essential to restrict and be mindful of the data provided to companies and
services one's signed up for. Additionally, ensure that sensitive details and information such as
banking information, credit history, and social security number (SSN) are protected and secured
by trusted services and companies. With how everyone accesses the internet and uses online
banking for convenience, it's crucial to always make sure to regularly review bank statements
 and credit card transactions. As a responsible user of such services from different companies,
it's important to be vigilant and meticulous in protecting personal and financial information,
keeping a close eye on financial statements and different transactions made on one's account,
to prevent falling victim to identity theft, specifically data breaches and the consequences that it
entails.

The case emphasizes the necessity of safeguarding personal and financial information.
Organizations and agencies that manage such data should use strong data security measures,
such as encryption and access limits. Identity thieves innovate as technology advances. The
case emphasized the importance of ongoing technological developments in the struggle against
identity theft, such as improved authentication systems and cybersecurity technologies.
Furthermore, it highlighted the need of giving identity theft victims with support and services to
assist them in recovering and restoring their financial and personal lives.In summary, the Philip
Cummings identity theft case underlined the crucial importance of proactive data protection,
staff screening, and public awareness initiatives. It also showed the ever-changing nature of
identity theft, needing continual efforts to effectively tackle this sort of crime.

References

CNN.com - Feds charge 3 in massive credit fraud scheme - Nov. 26, 2002. (2002, November
25). https://edition.cnn.com/2002/LAW/11/25/ID.theft/index.html

Delio, M. (2002, November 27). Fraud case: Greed bred sloppiness. WIRED.
https://www.wired.com/2002/11/fraud-case-greed-bred-sloppiness/

Home Security Heroes. (2022, August 16). ONE Mistake Took Down The Most Successful ID
Thief Ever [Video]. YouTube. https://www.youtube.com/watch?v=B2MirP7o7g8
Goldenberg, S. (2017). ID theft lands Briton 14 years in US jail. Money | the Guardian.
https://amp.theguardian.com/money/2005/jan/13/usnews.scamsandfraud

King, B. (2023, September 15). 15 Famous Identity Theft Cases That Rocked The Nation.
Home Security Heroes | /. https://www.homesecurityheroes.com/famous-identity-theft-
cases/

Largest Case-to-Date of ID theft. (n.d.). FBI.

https://archives.fbi.gov/archives/news/stories/2004/october/uncoveridt_101504
Man pleads guilty in largest ID theft case in US history. (n.d.). Deeth Williams Wall.
https://www.dww.com/articles/man-pleads-guilty-largest-id-theft-case-us-history

Rosencrance, L. (2002, November 26). Identity theft case seen as largest in U.S. history.
Computerworld. https://www.computerworld.com/article/2578248/identity-theft-case-
seen-as-largest-in-u-s--history.html