Privacy Ninja

Former DHS Official Charged with Stealing Govt Employees’ PII

Former DHS Official Charged with Stealing Govt Employees’ PII

A former Department of Homeland Security official pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees’ personal identifying information (PII).

61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and a former acting inspector general between February 2008 and December 2013.

Before working at DHS-OIG, Edwards also worked at the Transportation Security Administration (TSA) and the U.S. Postal Service – Office of Inspector General (USPS-OIG), according to the indictment.

While working at these government agencies, the defendant had access to multiple software systems and sensitive government databases that held sensitive personally-identifying information of DHS and USPS employees.

In September 2015, “after leaving DHS-OIG, Edwards founded Delta Business Solutions Inc., located in Maryland,” a Department of Justice press release published today says.

Also Read: 7 Key Principles of Privacy by Design that Businesses should adopt

“From at least 2015 until 2017, he stole software from DHS-OIG, along with sensitive government databases containing personal identifying information of DHS and USPS employees, so that his company could develop a commercially-owned version of a case management system to be offered for sale to government agencies.”

PII of hundreds of thousands of DHS employees stolen

Two other defendants, former DHS-OIG IT Specialist Murali Yamazula Venkata and Enterprise Applications Branch Chief in DHS-OIG’s IT division Sonal Patel, allegedly stole copies of database files containing the PII of roughly 246,167 DHS employees and around 6,723 USPS employees.

The PII was copied from DHS-OIG’s EDS system, DHS-OIG’s EDS source code, including an eSubpoena module, DHS-OIG’s database, and USPS-OIG’s STARS database and PARIS system.

The conspirators also purportedly misappropriated a key management services code and multiple activation keys associated with various Microsoft software products.

The stolen PII and Microsoft keys and code were then delivered to Edwards after leaving his employment with the DHS-OIG.

Edwards was also given copies of DHS-OIG and USPS-OIG documents and information that would help him develop a private, commercially-owned version of a case management system to be offered for sale to government agencies.

Also Read: 6 Simple Tips on Cyber Safety at Home

“Defendant EDWARDS used, possessed, and transferred stolen DHS-OIG and USPS-OIG documents and information, including PII of DHS and USPS employees, to software developers in India who were assisting Defendant EDWARDS with the creation and development of a private, commercially owned version of a case management system to be offered for sale to government agencies for the benefit, enrichment, and profit of Defendant EDWARDS and his business DB,” according to court documents.

“Defendants EDWARDS and VENKATA and Patel concealed their theft and the provision of software, source code, databases, documents, information, and PII to Defendant EDWARDS by arranging roadside meetings to pass media and equipment to Defendant EDWARDS, by emailing documents to their personal email accounts before forwarding them on to Defendant EDWARDS, and by concealing from DHS-OIG employees the purpose of their request for software.”

Edwards has pleaded guilty in the U.S. District Court for the District of Columbia to conspiracy to commit theft of government property and theft of government property. He will be sentenced at a later date.

A federal district court judge will decide a sentence for Edwards after considering US sentencing guidelines and other statutory factors.

56-year-old Venkata, his co-conspirator, has pleaded not guilty to the charges and his case is still pending.

Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.

Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.


Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× Chat with us