An employee at a tech company based in Virginia has been sent to prison for stealing personally identifiable information (PII) from Healthcare.gov customers and exploiting it for profit.
Colbi Trent Defiore accessed data belonging to more than 8,000 individuals without authorization while working at a contact center in Bogalusa, Louisiana. The 27-year-old then stole the data and used it fraudulently for his own personal financial gain, applying for credit cards and personal loans.
At the time that he committed the offenses, Defiore was employed as a seasonal worker for a company that supported the Centers for Medicare & Medicaid Services (CMS) by operating contact centers to assist with Medicare enrollment and other processes.
The company, which was unnamed in the court documents, required all to undergo training on how to handle consumers’ PII appropriately. Despite the training, Defiore admitted to accessing and obtaining consumers' data on multiple occasions in November 2018 by improperly accessing the Healthcare.gov database.
The Carriere, Mississippi, resident conducted bulk searches of the database, an action that he was prohibited from doing. He then copied his search results onto a clipboard and emailed them to his work email account.
After his working day had ended, Defiore accessed his work email remotely without authorization to retrieve the stolen data.
The personal information of at least five consumers was used illegally by Defiore to apply for at least six credit cards, loans, and lines of credit for his personal benefit.
Defiore was charged November 7, 2019, by a federal grand jury in a one-count indictment with intentionally accessing a protected computer in excess of authorization for the purpose of commercial advantage and private financial gain, and in furtherance of the commission of a felony.
"In total, Defiore's conduct caused reasonably foreseeable loss to the companies that operated the call center, including costs associated with responding to the offense, conducting a damage assessment, responding to and remediating damage, contacting consumers who were potential victims, and providing theft protection services for consumer-victims, in the amount of $587,000," said the Department of Justice.
Defiore was sentenced to 42 months’ imprisonment, 3 years of supervised release, and payment of a $100 special assessment fee.