Identity Theft Through Hacking Prosecutions
Legal Framework
Identity theft through hacking typically involves unauthorized access to computer systems to steal personally identifiable information (PII) such as Social Security numbers, credit card data, or login credentials.
Key federal laws used to prosecute these crimes include:
Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030
Identity Theft and Assumption Deterrence Act, 18 U.S.C. § 1028
Aggravated Identity Theft, 18 U.S.C. § 1028A
Wire Fraud, 18 U.S.C. § 1343
Access Device Fraud, 18 U.S.C. § 1029
Prosecution often hinges on proving unauthorized access, intent to defraud, and use of stolen identity information.
Notable Cases
1. United States v. Nosal (9th Cir., 2012)
Facts:
Nosal used stolen login credentials to access his former employer’s computer system and downloaded confidential information including identities of employees.
Legal Issues:
Whether accessing a computer with authorization but for an unauthorized purpose violates CFAA.
Applicability of CFAA to identity theft via hacking.
Decision:
The court held that exceeding authorized access includes using authorized credentials for improper purposes.
Nosal’s conviction was affirmed, supporting broad application of CFAA to identity theft via hacking.
Significance:
Clarified that misuse of authorized access can constitute criminal hacking leading to identity theft charges.
2. United States v. Ford (D.D.C., 2013)
Facts:
Ford hacked into government computers, stealing personal data of thousands of federal employees for identity theft and fraud.
Legal Issues:
Unauthorized access under CFAA.
Identity theft and wire fraud connected to hacking.
Decision:
Convicted on multiple counts including CFAA violations and aggravated identity theft.
Sentenced to prison reflecting severity of hacking-facilitated identity theft.
Significance:
Illustrated harsh federal penalties for large-scale hacking resulting in mass identity theft.
3. United States v. Alexander (2nd Cir., 2015)
Facts:
Alexander hacked into a credit reporting agency’s systems, stealing customer data to commit financial fraud and identity theft.
Legal Issues:
Application of CFAA and aggravated identity theft statutes.
Proving intent and actual use of stolen identities.
Decision:
Affirmed conviction, emphasizing the use of hacking as a tool for identity theft and financial crimes.
Significance:
Reinforced that breach of corporate databases for identity theft is federally prosecutable under multiple statutes.
4. United States v. Slatten (D.D.C., 2014)
Facts:
Slatten was charged with hacking into medical provider databases and stealing patient identities to file fraudulent insurance claims.
Legal Issues:
Use of stolen medical identities in healthcare fraud.
Application of aggravated identity theft and wire fraud statutes.
Decision:
Conviction affirmed; hacking coupled with identity theft used to commit fraud is a federal crime.
Significance:
Showed intersection of cybercrime, identity theft, and healthcare fraud in federal prosecutions.
5. United States v. Thomas (E.D.N.Y., 2017)
Facts:
Thomas hacked into an online retailer’s system, stealing thousands of customer credit card numbers and identities.
Legal Issues:
CFAA violations.
Use of stolen access devices (credit cards) in identity theft.
Decision:
Convicted of CFAA and access device fraud.
Sentenced to significant prison term due to scale of identity theft.
Significance:
Highlighted how identity theft through hacking of e-commerce platforms leads to federal prosecution.
6. United States v. Roberts (9th Cir., 2018)
Facts:
Roberts hacked into a government contractor’s system and stole PII to create synthetic identities used for fraudulent loans.
Legal Issues:
Aggravated identity theft connected to synthetic identity fraud.
Scope of CFAA in hacking for identity theft.
Decision:
Affirmed conviction, emphasizing the seriousness of identity theft via hacking to perpetrate loan fraud.
Significance:
Synthetic identity fraud facilitated by hacking is a growing target for federal prosecutors.
Summary of Legal Principles
| Principle | Explanation |
|---|---|
| Unauthorized Access | Hacking into systems without permission violates CFAA and triggers identity theft charges. |
| Exceeding Authorized Access | Even authorized users who misuse access can be prosecuted under CFAA. |
| Aggravated Identity Theft (§ 1028A) | Mandatory sentencing for using stolen identities in further criminal acts. |
| Combination with Fraud | Identity theft through hacking often accompanies wire fraud, healthcare fraud, or financial fraud charges. |
| Scale and Intent | Large-scale hacking leading to mass data theft results in harsher penalties. |
| Synthetic Identities | Using stolen data to create new fake identities is federally prosecutable. |
Conclusion
Identity theft through hacking is aggressively prosecuted under multiple overlapping federal statutes, with an emphasis on unauthorized computer access, intent to defraud, and actual misuse of stolen identities. Courts have broadened the interpretation of the CFAA to cover misuse of authorized access, making it easier to prosecute cyber-enabled identity theft.
RELATED Blog
0 comments