A software consultant who illegally accessed personal data on more than 110,000 people while working for a US insurance company - and then later tried to sell the information - was sentenced to five years jail this week.
In addition, Binyamin Schwartz, 28, was sentenced to two years of supervised release following his imprisonment and was ordered to pay nearly US$520,000 (£260,000) to Sentry Insurance, the firm from which he stole the data.
released by the U.S. Attorney's office in the Middle District of Tennessee said that Schwartz initially offered to sell the names, addresses, Social Security numbers and dates of birth for 36,000 individuals to an undercover Secret Service agent in June 2006. Schwartz had stolen the information from Sentry Insurance and negotiated its sale over the Internet using an assumed identity.
He was arrested when he flew from Detroit to Nashville to exchange the information in return for $25,000 in cash. At the time of his arrest, Schwartz had with him another database containing personal data on an additional 75,000 individuals.
Schwartz, who also admitted to selling about 70 records to two other people, was arrested and later convicted on charges of identity theft, aggravated identity theft, access device fraud and wire fraud.
"Fortunately, in this case, the United States Secret Service recovered the personal information for most of these individual victims before Mr. Schwartz could sell that information to others," US Attorney Craig Morford said in the statement.
The case is only the latest in a series of such incidents in the US that have highlighted the dangers to corporate data from trusted insiders.
Only last week, Fidelity National Information Services, an electronic check processing firm, disclosed that one of its database administrators had illegally accessed personal records
belonging to about 2.3 million consumers and sold them to direct marketers. The breach prompted a public apology from Fidelity National's CEO and forced it to send letters notifying all affected consumers of the potential compromise of their personal data.
In February, the U.S. District Court in Delaware unsealed the details of a case involving a scientist at DuPont named Gary Min who admitted to downloading and stealing information worth $400m from the company.
Over a five-month period before he joined another company, Min downloaded about 22,000 document abstracts from DuPont's Electronic Data Library server and accessed another 16,700 full-text PDF files without being detected. The various documents covered most of the company's major products and technologies, including some that were still in the research-and-development stage