Data theft leads to arrest of 10 SSA employees
- By John Breeden II
- Jan 13, 1997
The Social Security Administration has fired 10 employees for stealing data from agency
computers. The information was used to activate more than 1,000 stolen credit cards.
"There is no place in our agency for employees like that," SSA spokesman
Jerry Rieger said. "What they did was not representative of our employees."
The 10 employees have been arrested and charged with illegally accessing and tampering
with a government computer. Some employees also were charged with accepting
ing bribes in exchange for the information they provided. The 10 employees face prison
sentences from two to 15 years and fines up to $250,000.
The 10 employees, arrested in November, were alleged to be part of a larger ring of
thieves that stole new or replacement credit cards mailed out to customers.
New cards are inactive until a user calls a special number to confirm receipt of the
card. As part of the security process, most credit card companies require users to know
their mother's maiden name. It was that information the alleged credit card thieves needed
from SSA employees.
SSA officials said the employees had access to a database that contained personal
information about people with Social Security cards. The database was password-protected
but did not have access controls as stringent as SSA databases that hold earning
statements and other private information.
Rieger said SSA clerks process 8 million new Social Security cards a year and 16
million for people who need a new card after marriage or if their card is lost. The
database the clerks use to process cards contains mothers' maiden names, places of birth
and account number information.
Bank officials became concerned when card holders in New York began to report bogus
charges on their cards in exceptionally high numbers.
Unknown to the bankers, SSA already had begun an internal investigation of employees
who were accessing the database more often than normal.
"The system tracks who accesses the database," Rieger said. "Security
officers noticed unusually high access.
"When the banks contacted us, it all added up," Rieger said. By searching
computer use records, SSA investigators traced employees who accessed information about
people who had reported misused credit cards. The electronic trail led to the arrests.
SSA officials would not comment on specifics but said they are considering more
security enhancements. The SSA investigation is continuing but no new arrests are
expected, officials said.
John Breeden II is a freelance technology writer for GCN.