Department of Justice Assistant Attorney General Stephen Boyd said Monday in a letter to Sen. Mark Warner, D-Va., that DoJ reached a premature conclusion in stating that stolen personal information used in a credit fraud case in Virginia was acquired from the 2015 Office of Personnel Management (OPM) data breach.
On June 18, the United States Attorney’s Office (USAO) for the Eastern District of Virginia posted a press release on the justice.gov website that indicated that two defendants convicted in a fraudulent identity-theft scheme had acquired the identity information through stolen OPM data.
“Regrettably, the USAO’s original press release on June 18, 2018, implied a premature conclusion that the exclusive and known source of the stolen identities used in the Langley Federal Credit Union fraud case was the OPM data breach,” Boyd wrote in Monday’s letter.
That premature conclusion was what prompted Sen. Warner, Rep. Gerry Connolly, D-Va., and others to question how the defendants acquired the alleged OPM-sourced data, as it was the first time DoJ reported data from the OPM breach being used in a crime.
DoJ revised the press release and amended its headline on June 21 – the same day Warner inquired about the case to U.S. Attorney General Jeff Sessions and OPM Director Jeff Pon. In the revision, DoJ said it was providing “additional clarity” and noted that “numerous victims of the LFCU identity theft fraud also identified themselves to DoJ as victims of the OPM Data Breach.”
Boyd admitted Monday that the Justice Department may have been a bit hasty about drawing conclusions regarding the source of the stolen information and said the ongoing investigation has yet to find that source.
“At present, the investigation has not determined precisely how [victims’] identity information used in this case was obtained and whether it can, in fact, be sourced directly to the OPM data breach,” Boyd wrote. “Because the victims in this case had other things in common in terms of employment and location, it is possible that their data came from another common source.”
