There are a lot of ways your identity can be stolen.
Someone may grab your mail. They may scam you. They may pick your pocket or pick through your trash.
But what if your identity was stolen by someone who works at your bank or insurance company?
That's unfathomable, right? If you can't trust the people who work at your bank, who can you trust? But it happens. And at least one Lehigh County resident was victimized in a long-running fraud ring that recently was stopped.
Federal authorities said that victim, a customer at the former Commerce Bank, was among dozens of people who had money stolen or attempted to be stolen from their bank accounts or had credit cards opened in their names by an identity theft ring that operated in the Philadelphia area from about 2006 to 2012.
The ringleader, Lawrence Fudge of Philadelphia, was sentenced last month to 12 years in prison.
Authorities said in a news release that Fudge and others recruited two bank employees and an insurance company employee "to abuse the trust placed in them by their employers and pass on … the bank account and personal information of dozens of victims."
Other victims were from Berks, Bucks and Montgomery counties. They were identified only by their initials in an affidavit from a postal inspector. The Lehigh County victim did not have money stolen, but the thieves tried to withdraw $3,000 at a New Jersey branch of Commerce Bank using a fake driver's license in the victim's name and a withdrawal slip with the victim's account number, according to the affidavit.
This type of identity theft is scary because there's nothing you can to do to prevent it. Even scarier is that it's not uncommon, according to Steven Toporoff, an attorney at the Federal Trade Commission.
He told me no statistics are available, but "some measure of identity theft results from the misuse of information by insiders."
Toporoff said it's particularly a problem in the medical community, with hospitals, doctor's offices and clinics.
"Any company conceivably could have insiders," said Toporoff, who works in the FTC's Division of Privacy and Identity Protection. "It definitely does happen."
A Chester County couple were charged last month with paying employees of Community Hospital in Chester and Crozer-Chester Medical Center in Upland, Delaware County, to steal confidential medical forms. Authorities allege the couple used patients' identities to file fake tax returns and collect illegitimate tax refunds.
Also last month, a former mail room clerk at the IRS center in Philadelphia was sentenced to two years in jail for stealing the personal information of a taxpayer and opening credit card accounts in the taxpayer's name.
"All the places that have your Social Security number, all present potential of identity theft," said Richard Goldberg, chief of economic crimes at the U.S. attorney's office in Philadelphia.
He said businesses and institutions are aware of the risk and try to prevent it by screening potential employees and training them. Like Toporoff, Goldberg said it's hard to gauge the extent of that type of identity theft.
"There are tens of thousands of employees who work for these businesses who are not doing anything wrong and have no interest in stealing information," Goldberg told me. "By the same token, there's a possibility at just about every business where you have to provide your information."
In the six-year scheme led by Fudge that snared the Lehigh County victim, authorities said Nataya Lloyd, a former teller at Commerce Bank in Conshohocken; Christopher Brophy, a former branch manager at Citizens Bank in Horsham; and Dennis Clark II, a former employee of Prudential Insurance in Upper Dublin Township, were "recruited" to provide customers' personal information.
Lloyd, Brophy and Clark pleaded guilty to charges including aiding and abetting bank fraud and aiding and abetting aggravated identity theft. Court records say Clark was paid to provide customers' account information.
Court records say information was leaked for one Citizens Bank customer in 2008; nine Commerce Bank customers in 2008; and more than 25 Prudential Insurance customers in 2007. Banks and stores lost more than $316,000 due to fraud associated with the leaked information, authorities said, and there was an additional attempted fraud of about $45,000.