The indictment Monday of a former help desk worker at Teledata Communications Inc., a company that helps connect lenders to credit bureaus, on massive identity theft charges may call into question banks' reliance on third-party intermediaries of this type.
Washington Mutual Inc., one of the companies burned in what the authorities are calling the largest ever incident of identity theft would not say whether it had severed relations with Teledata, of Bay Shore, N.Y. But Teledata said that Washington Mutual was still a customer.
Another large lender affected was Ford Motor Credit Co., which said it would continue using Teledata Communications, adding that it had received proper safety assurances from the 65-person company. Several smaller lenders, including Dollar Bank of Cleveland, were also snarled in the scam.
The crimes shine a spotlight on a little-known area of the industry, in which lenders hire technology intermediaries to hasten and facilitate their use of credit data repositories. It is also potentially a black eye for the repositories themselves: Experian, Equifax, and TransUnion are the three that were named by federal authorities as having been illegally breached, through use of code numbers allegedly stolen from the lenders.
Teledata said in a statement late Monday: "We cooperated fully with that investigation and are pleased to learn that it has apparently come to a successful conclusion. We will continue to give our full cooperation to the Federal Bureau of Investigation and the United States Attorney."
Libby Hutchinson, a Washington Mutual spokeswoman, said that her company was notified early in the summer that about 500 customers may have been affected by the fraud. The company immediately notified the customers, as well as "flagged" all the accounts so that if there were any inquiries, customers would have to be notified before any information was released.
Customers were also given the "800" numbers of all the credit bureaus so they could check their credit reports. And in the case of Experian, they were offered a free subscription to Credit Guard, which would notify the customer whenever a change occurred to their credit report.
The company also changed the subscriber codes that were used in the alleged fraud. Washington Mutual also "encouraged [the victims] to change their accounts if that made them more comfortable," she said.
Donald Girard, a spokesman for Experian said: "We implemented changes immediately when we heard of this instances." He also said that while there was access to 30,000 files, "that doesn't mean that was the number of victims. That means they had access. I'm sure there were some victims."
Authorities said the three-year scheme was masterminded by Philip Cummings, a help-desk employee at Teledata. Authorities say Mr. Cummings, 33, conspired with another person, Linus Baptiste, to sell credit reports to at least 20 people in Brooklyn and the Bronx, New York. The two men were paid up to $60 for each report they stole. Mr. Baptiste, 43, has also been arrested. Criminals used the reports to take out loans in the names of their victims, buy merchandise, deplete bank accounts, and order credit cards, authorities said.
From mid-1999 to mid-2000, while he worked on the company's help desk, Mr. Cummings learned the passwords and codes of Teledata's clients, prosecutors said. After leaving Teledata, he was able to use this information to download credit reports himself, they said.
"We have stumbled onto something that is bigger than any of us imagined," U.S. Attorney James Comey said Monday at a news conference announcing the criminal complaint against Cummings.
Mr. Cummings and Mr. Baptiste were able to download 15,000 credit reports by using access codes belonging to Ford Motor Co.'s credit arm, prosecutors said. Access codes belonging to Washington Mutual Bank in Florida and Washington Mutual Finance Company in Crossville, Tennessee, units of Washington Mutual Inc., were used 6,000 times, they said.
In a press release, Ford Motor Co. said, "We're very pleased that the FBI has made three arrests in this case. Since we became aware of this situation, we have been working closely with the FBI. Last May, we acted quickly to inform the impacted consumers and urge them to take steps necessary to protect against misuse of their sensitive information."
