The Justice Department jumped the gun in June when it claimed a Maryland woman pled guilty for using data stolen from the 2015 breach of the Office of Personnel Management to obtain fraudulent loans.
In a letter to Sen. Mark Warner (D-Va.), Assistant Attorney General Stephen Boyd said DOJ reached a “premature conclusion” that the data only came from the OPM breach.
“A number of victims in the scheme identified themselves to the Department of Justice as victims of the OPM data breach. However, at present, the investigation has not determined precisely how their identity information used in this case was obtained and whether it can, in fact, be sourced directly to the OPM data breach.” Boyd wrote. “Because the victims in this case had other things in common in terms of employment and location, it is possible that their data came from another source.”
The case Boyd is referring to is June 18 announcement that Kariva Cross, 39, of Bowie, pled guilty to participating in a scheme to obtain fraudulent personal and vehicle loans using data stolen during the OPM breach. DOJ has since clarified and re-released the press release from June, Boyd said.
“After receiving several inquiries, the U.S. Attorney’s Office conducted an internal review of the case and the wording of the press release, and on June 21 reissued the press release with a revised headline and a supplemental statement to clarify the public record,” Boyd writes.
Warner was one of several lawmakers asking DOJ for more details on its findings in this case particularly because it was the first time the agency said data from the massive 2015 hack was used in a crime. Boyd also sent the letter explaining the premature conclusion to OPM Director Jeff Pon.