Real Identity Theft Stories | Case #4: IT Worker Steals Employee & Customer Data, Robs Victims of $3.5 Million
This blog series is dedicated to telling the real-world stories of the most serious cases of stolen identities – and just how devastating these crimes can be on organizations, individuals, and families. This week’s recap shows how an identity thief was able to steal millions of dollars from his former colleagues and customers.
About the Identity Thief
Kenneth Gibson is a 47-year-old former IT (Information Technology) professional from Reno, NV. Between 2012 and 2017, he was working for a large company where he had access to the Personally Identifiable Information of thousands of employees and customers.
During this time, Gibson methodically stole data from his employer until the day he left the company. He then set up eight computers to run an automatic script of the victims’ information to open fraudulent accounts and transfer money. This automated system ran 24/7.
Over time Gibson opened up about 8,000 unauthorized PayPal accounts with the stolen identities. He would then apply for, and open, credit accounts linked to those PayPal accounts, withdrawing money via cash advances. The stolen funds enabled Gibson and his family to live lavishly. He bought a boat, traveled extensively, and was allegedly a frequent gambler.
By moving the money in many small increments, he was able to avoid detection for years. But, like many criminals, Gibson made a critical mistake that led to his downfall.
Capture and Sentencing
Eventually, after he got tired of having to make multiple trips the to the ATM to retrieve his stolen cash, Gibson requested that PayPal mail him a check. However, the name on one of these requested checks matched one of Gibson’s victims. This is where law enforcement could make their move after four months on the case.
Gibson ultimately confessed, and the FBI were able to locate the computers he had operating in a leased office space.
On July 30, 2018, he was sentenced to 4 years in prison along with 3 years of supervised release and 100 hours of community service. In addition, he must pay $1 million in restitution and forfeit assets to account for the $3.5 million stolen.
Are You Protecting Your Employees’ Identities?
Many of Gibson’s victims probably still don’t know they had their identity stolen. The harsh truth is that those who do didn’t find out until they went to apply for a loan or a credit card or were contacted by a collection agency. And, to make matters worse, it happened from their place of employment.
Get started with a Free Business Trial.