The Examiner has another story about an insider being accused or convicted of abusing her access in order to violate individual privacy, in this case taxpayers’ financial data privacy. Such cases of access misuse are numerous. A few include: a retired clerk at the New York Department of Taxation pled guilty to stealing the identities of taxpayers, dead family members and children to obtain 90 credit cards from 20 banks and ran up more than $200,000 on the cards; a UCLA Healthcare System researcher pleaded guilty to violating the federal health privacy law HIPAA – he was “alleged to have accessed the UCLA patient records system 323 times during the three-week period, mostly to check out the files of celebrities, according to the U.S. Attorney’s Office”; a former police dispatcher in Illinois misused “a police database for personal reasons — including checking up on the suitor of his girlfriend’s daughter.”
The Examiner reports:
A mentally ill woman exploited a loophole in D.C. tax office online systems to gain unauthorized access to taxpayer accounts, establish herself as the owner of dozens of businesses and file returns on their behalf.
Details of the online trespass, by a woman who law enforcement sources say believed herself to be the guardian of large corporations, were laid out in an independent auditor’s review of the District’s fiscal 2009 books and financial systems. BDO Seidman, D.C.’s outside auditor, found automated and manual tax processes in the Office of Tax and Revenue to be “significant deficiencies” in internal controls. […]
The woman electronically filed FR-500 forms, a document establishing change of ownership or authorized agent, for 114 existing and fictitious businesses between Oct. 13 and Dec. 22, according to the BDO report. Through the FR-500 process she was able to establish herself as the owner of the businesses and gain access, within 48 hours, to 76 taxpayer business accounts.
In seven cases, she reached the electronic payment account page for existing companies. With that access, BDO reported, she filed a tax return claiming $19.1 million in erroneous sales and use tax receivables, and submitted seven fraudulent tax payments totaling $699,993.
The transactions were caught before damage was done. The banks, for example, denied the tax payments because each included the wrong account information.