In a recent case, a hacker named Chirag Patel has been sentenced to 51 months in prison for stealing customer credit card numbers. Patel, who pleaded guilty to Computer Fraud, hacked into the computers of an international hospitality company based in Phoenix, Arizona. Between August 2017 and July 2020, he fraudulently transferred and redeemed customer reward points from the company’s loyalty program, as well as stole credit card numbers and other personally identifying information from customers and loyalty program members. In total, Patel stole and possessed over 1,200 credit card numbers. The Federal Bureau of Investigation conducted the investigation, and the United States Attorney’s Office, District of Arizona, handled the prosecution.
Background Information
Case Summary
In a recent cybercrime case, Chirag Patel, 38, was convicted for his involvement in hacking into the computers of an international hospitality company based in Phoenix. Patel engaged in various illegal activities, including fraudulently transferring and redeeming customer reward points, stealing credit card numbers and personally identifying information (PII), and saving screenshots of this information to his personal Google Drive. Patel’s actions took place between August 2017 and July 2020, and he was charged with Computer Fraud.
Hacker’s Sentencing
On May 8, 2023, United States District Judge G. Murray Snow sentenced Chirag Patel to 51 months in prison, followed by three years of supervised release. In addition to the prison sentence, Patel was ordered to pay $87,522.25 in restitution. This sentencing reflects the severity of Patel’s crimes and the impact they had on the company and its customers.
Details of the Crime
Chirag Patel repeatedly hacked into the computers of the Phoenix-based hospitality company over a period of nearly three years. During his unauthorized access, Patel manipulated the company’s customer loyalty program by fraudulently transferring and redeeming customer reward points. He also gained access to credit card numbers and other personally identifying information (PII) of customers and loyalty program members, which were stored in the company’s computers. Patel took screenshots of this information, including credit card numbers, and saved them to a Google Drive that he controlled. This illegal activity continued between August 2017 and July 2020, during which Patel stole and possessed over 1,200 credit card numbers. Some of these stolen credit card numbers were used to make unauthorized purchases, while others were attempted to be sold.
Overview of the Hacker’s Actions
Hacking into the Company’s Computers
Chirag Patel’s criminal activity primarily involved hacking into the computers of an international hospitality company based in Phoenix. Using his illicit hacking skills, Patel gained unauthorized access to the company’s systems and data, allowing him to carry out his illegal activities.
Fraudulent Transfer of Customer Reward Points
Once Patel successfully hacked into the company’s computers, he engaged in fraudulent activities related to the company’s customer loyalty program. Patel transferred and redeemed customer reward points without authorization, causing financial loss to the company and impacting the integrity of the loyalty program.
Stealing Credit Card Numbers and PII
In addition to manipulating the loyalty program, Patel also stole credit card numbers and personally identifying information (PII) from the company’s customers and loyalty program members. These sensitive details were stored within the company’s computer systems, and Patel’s unauthorized access allowed him to collect and exploit this information for personal gain.
Saving Screenshots to Google Drive
To further facilitate his criminal activities, Chirag Patel saved screenshots of the stolen credit card numbers and PII to a Google Drive account that he controlled. This allowed him to easily access and potentially share the stolen information with others, further perpetuating the impact of his cybercrimes.
Extent of the Theft
Number of Credit Card Numbers Stolen
During his criminal spree, Chirag Patel stole and possessed over 1,200 credit card numbers. This substantial number highlights the magnitude of the data breach and the potential impact on the affected individuals and financial institutions.
Unauthorized Purchases Made with Stolen Credit Cards
Using the stolen credit card numbers, Patel engaged in unauthorized purchases, exploiting the financial resources of the individuals whose information he stole. These fraudulent transactions likely resulted in financial losses for the affected individuals and potentially damaged their creditworthiness.
Attempted Sale of Stolen Credit Card Numbers
In addition to using the stolen credit card numbers for personal gain, Chirag Patel also attempted to sell some of the stolen credit card numbers. By offering these sensitive details to others, Patel intended to profit from his criminal activity while further perpetuating the risks associated with identity theft and financial fraud.
Investigation and Prosecution
Involvement of the Federal Bureau of Investigation
The investigation into Chirag Patel’s cybercrimes was led by the Federal Bureau of Investigation (FBI). The bureau’s expertise in cybercrime and its commitment to combating such criminal activities were instrumental in uncovering the extent of Patel’s actions and building a case against him.
Role of the United States Attorney’s Office, District of Arizona
The United States Attorney’s Office, District of Arizona, played a crucial role in the prosecution of Chirag Patel. The National Security Section of the office, based in Phoenix, handled the case and worked diligently to ensure a fair trial and seek appropriate legal consequences for Patel’s actions.
Case Number and Release Number
The specific details related to Chirag Patel’s case are as follows:
- Case Number: CR-21-00699-PHX-GMS
- Release Number: 2023-073_Patel
Sentencing and Restitution
Length of Prison Sentence
Chirag Patel was sentenced to a prison term of 51 months for his involvement in the cybercrimes. This significant sentence reflects the seriousness of his actions and serves as a deterrent to others who may consider engaging in similar illegal activities.
Years of Supervised Release
In addition to the prison sentence, Patel will face three years of supervised release. This period of supervision will act as a form of rehabilitation and support, ensuring that Patel is closely monitored and adheres to any necessary terms and conditions following his release from prison.
Amount of Restitution Ordered
As part of his sentencing, Chirag Patel was ordered to pay $87,522.25 in restitution. This financial compensation will help mitigate the losses suffered by the company and affected individuals as a result of Patel’s cybercrimes.
Implications of the Case
Impact on the Company and its Customers
The cybercrimes committed by Chirag Patel had a significant impact on the company and its customers. The fraudulent transfer of customer reward points undermined the integrity of the loyalty program and potentially caused financial losses for the company. Additionally, the theft of credit card numbers and PII exposed customers and loyalty program members to the risks of identity theft and financial fraud. Rebuilding trust and implementing enhanced cybersecurity measures are vital for the company to repair its reputation and protect its customers’ sensitive information.
Potential for Identity Theft and Financial Losses
The theft of over 1,200 credit card numbers and the attempted sale of this stolen information highlights the potential for widespread identity theft and financial losses. Individuals whose information was compromised by Patel’s actions may experience unauthorized transactions, damaged credit scores, and other negative consequences. Vigilance in monitoring financial accounts and promptly reporting any suspicious activity is crucial for affected individuals to mitigate the impact of the breach.
Importance of Cybersecurity Measures
This case underscores the importance of robust cybersecurity measures for businesses and organizations. Implementing comprehensive security protocols, regular vulnerability assessments, and employee training on best practices can help prevent unauthorized access and data breaches. Investing in cybersecurity safeguards is essential to protect customer information, maintain trust, and mitigate the potential financial and reputational damages caused by cybercriminals.
Related Content
Other Cases Involving Cyber Crimes
Chirag Patel’s case is just one example of the ongoing battle against cybercrime. Numerous other cases involving individuals and groups engaged in hacking, fraud, and data breaches have been prosecuted in recent years. These cases serve as a reminder of the prevalence and severity of cyber threats and the need for continued vigilance in combating these crimes.
Sentences for Similar Offenses
In cases involving cybercrimes, sentences can vary based on factors such as the extent of the breach, the impact on victims, and the defendant’s criminal history. While Chirag Patel received a prison sentence of 51 months, other individuals convicted of similar offenses may receive longer or shorter sentences depending on the specific circumstances of their cases.
Contact Information
U.S. Attorney’s Office, District of Arizona
For more information on the U.S. Attorney’s Office, District of Arizona, please visit http://www.justice.gov/usao/az/. The office is committed to upholding justice and prosecuting those who engage in cybercrimes that harm individuals, businesses, and communities.
Public Affairs Contact
For media inquiries and further information, please contact Diana L. Varela, Public Affairs at the U.S. Attorney’s Office, District of Arizona. Diana can be reached at (602) 514-7743 or via email at diana.varela@usdoj.gov. Stay connected with the latest news by following the U.S. Attorney’s Office, District of Arizona, on Twitter @USAO_AZ.
In conclusion, the sentencing of Chirag Patel for his involvement in cybercrimes highlights the severity of such offenses and the importance of cybersecurity measures. The theft of credit card numbers and personally identifying information poses significant risks to individuals and businesses alike. The case serves as a reminder of the need for ongoing efforts to combat cyber threats and protect sensitive data. Through the collaboration of law enforcement agencies and the justice system, individuals engaged in cybercrimes can be held accountable, and affected parties can seek recourse and support.