Federal law enforcement have arrested five men for filing close to 1,000 fraudulent tax returns using the stolen information they obtained from a breach that compromised the data of 125,000 people, 88,000 of whom were listed in an Oregon employment company’s database.

Lateef A. Animawun, 34, of Smyrna, Georgia; Oluwatobi R. Dehinbo, 30, of Marietta, Georgia; Oluwaseunara T. Osanyinbi 34, of Marietta, Georgia; Oluwamuyiwa A. Olawoye, 28, of Marietta, Georgia; and Emmanuel O. Kazeem, of Maryland have all been indicted by a federal jury on conspiracy to commit wire fraud and mail fraud, wire fraud, mail fraud, and aggravated identity theft.

All but Kazeem have been arrested. They will be arraigned in the District of Oregon at a date to be determined by the court.

According to OregonLive, the group obtained the names, Social Security Numbers, and other personal information from a database owned by CICS Employment Services, which provides background checks for customer employees.

The breach compromised the information of at least 88,000 customers, 38,000 of whom live in Oregon. Residents of Washington and Nevada were also affected.

It is unclear at this time where the additional 40,000 breached records came from.

The group then used the stolen information to obtain electronic filing PINs from the Internal Revenue Service (IRS), which they used to file 980 fake tax returns seeking $6.6 million in tax refunds between April 2013 and July 2014.

The IRS rejected more than $4 million of the fraudulent returns, but the indicted were able to successfully claim $2.2 million.

Back in February of this year, CICS Employment Services began notifying its customers of a possible data breach. The company has since moved its database from a Phoenix-based server host, where the information was previously unencrypted.

As of this writing, several forensics investigations have been unable to determine how or when the breach at CICS Employment Services occurred.

Via: tripwire