The U.S. District Court of Nevada has sentenced Gareth David Long, a British citizen, for stealing as much as $22 million from 375,000 victims in the U.S. by exploiting his access to their personal and financial information.
The 41-year-old formerly operated V Internet Corp, a payment processing company between 2008 and 2013. The company was engaged in the creation and deposit of remotely-created checks (RCCs) on behalf of account holders and therefore, had access to the personal and financial information of hundreds of thousands of Americans.
According to the U.S. Department of Justice, Long stopped acting as a third-party payment processor for other merchants in 2013, but continued to use RCCs to charge the bank accounts of consumers whose personal identifying information he had acquired since 2008.
Between January and July 2013, Long created and deposited more than 750,000 RCCs that were valued at over $22 million. While half of those RCCs were immediately reversed by victims' banks, he still managed to steal around $11 million by carrying out wire fraud in the six-month period.
Using the stolen money, Long made several high-value purchases such as a ranch and 23 acres of land in Texas, three airplanes, cars, a fire truck, and construction and farm equipment. As part of the court order, Long was forced to forfeit the purchased land and the Texas ranch and also had more than $2.9 million of the stolen case seized by the U.S. Postal Inspection Service.
“The defendant exploited his access to sensitive personal and financial information to steal millions of dollars from victims throughout the United States. The Department of Justice is committed to protecting the public from such identity theft and fraud,” said Jody Hunt, Assistant Attorney General for the Justice Department’s Civil Division.
This is the second time in less than a year that a British citizen has been indicted in the U.S. for carrying out large-scale cyber crimes. In September last year, 19-year-old Elliott Gunton of Norwich was indicted in the United States along with New York-based Anthony Tyler Nashatka for infiltrating the website of cryptocurrency exchange EtherDelta and tweaking the site's DNS settings to route site visitors to a fraudulent website in order to steal their cryptocurrency addresses and private keys.
The breach of EtherDelta took place in December 2017 and as a result of the hack, an EtherDelta customer lost $800,000 (£640,000) after typing in their credentials on the spoof website creeted by Gunton and Nashatka. Hundreds of other EtherDelta customers also lost cryptocurrency to the two hackers between December 20 and 26, 2017.
In August last year, Gunton was also found guilty by Norwich Crown Court for illegally gaining access to the computer systems of Australian telecom major Telstra and hijacking the Instagram account of Australian designer Phil Darwen.
Gunton was sentenced to twenty months in custody but was immediately released after his time spent on remand was taken into account by the court. However, if he is found guilty by US courts for cryptocurrency fraud, he could be sentenced to up to twenty years in prison.
Back in 2017, Gunton, then a minor, was awarded a year-long youth rehabilitation order after the court found him responsible for the massive TalkTalk data breach which took place in 2015. As per the court order, Gunton discovered vulnerabilities in TalkTalk's computer systems and shared details of the same on hacker forums. As a result, TalkTalk's website was targeted as many as 14,000 times by hackers.