Man jailed for using data breach info leaks to claim over $12 million in IRS tax refunds

A St. Louis resident has been sentenced to four years behind bars for stealing the identities of US citizens to file fraudulent tax return claims, made possible through data leaked in security incidents. 

Babatunde Olusegun Taiwo, alongside co-conspirators including Kevin Williams, used the personal identifying information (PII) of individuals leaked due to a data breach at a payroll company to file false returns with the US Internal Revenue Service (IRS), the US Department of Justice (DoJ) said on Thursday. 

The payroll company's data breach impacted hundreds of individuals, including school district employees across Alabama and Mississippi. 

Information stolen from the company included enough PII to be able to file tax returns and refunds claims. Taiwo attempted to conceal the fraudulent scheme by "filing the tax returns under electronic filing identification numbers that the IRS issued to tax return preparation businesses that they obtained without authorization," prosecutors say. 

Submitted claims requested that refunds be sent to their addresses in St. Louis.

The DoJ says that in total, over 2,000 fraudulent returns were filed in an attempt to claim more than $12 million. The IRS paid out $889,712 before the scam was exposed. 

See also: ATM skimmer sentenced for fleecing $400,000 out of US banks

Taiwo will serve his time in prison alongside three years of supervised release. He has also been ordered to pay back every cent the IRS issued. 

Williams was previously sentenced to 6.5 years in prison not only for his role in the ID theft, but also for voter fraud and for re-entering the US after being removed from the country. 

"We will continue to pursue criminals who prey on innocent victims and we will continue to enforce our nation's tax laws," said Thomas Holloman, Special Agent in Charge at the IRS Criminal Investigation Atlanta Field Office. "Today's sentencing should send a clear message to would-be criminals -- you will be caught and you will be punished." 

CNET: Drone swarms in 3 states prompt FAA, FBI investigation of mystery

On Thursday, the DoJ said in a separate release that an Indian national, Hitesh Madhubhai Patel, has pleaded guilty to operating a number of scam call centers in India. 

Between 2013 and 2016, the call centers were used to scam victims out of millions of dollars by impersonating IRS and US Citizenship and Immigration Services (USCIS) employees, threatening victims with arrest, deportation, fines, and jail time unless they paid money they apparently owed to the US government. 

TechRepublic: CES 2020: How McAfee's Just in Time debugger stops cybercriminals

Victims were made to either wire funds directly or purchase cards. Runners were used in the US to launder and liquidate the illegal proceeds of these scams. 

Sentencing is set for April 3, 2020. Patel faces up to 20 years in prison, as well as "a fine of up to $250,000 or twice the gross gain or loss from the offense," prosecutors say.

A total of 24 individuals also believed to have participated in these schemes have been convicted. 

CES 2020: The best tech, gadgets on show (so far)

Previous and related coverage

• Travelex customers left in cashless limbo, ICO not formally alerted to data theft claims
  
• Telegram opens lid on TON project amid SEC spat: 'Grams won't help you get rich'
  
• Hackers probe Citrix servers for weakness to remote code execution vulnerability
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0