Alleged TSYS identity thief to plead guilty next week

Accused of stealing workers' addresses, Social Security numbers

tchitwood@ledger-enqurier.comFebruary 4, 2014 

Drew D. Johnson, 26, center, is escorted into court by two FBI agents Tuesday after being arrested Friday on identity theft charges. The arrest is linked to global credit-card and payment processor TSYS, who a few weeks ago announced that personal data from 5,247 current and former employees was stolen by an employee of a third-party administrator of its health care plans. The company said a Paragon Benefits worker emailed the names, addresses, birth dates and Social Security numbers to a personal email account. 10/15/13

MIKE HASKEY — mhaskey@ledger-enquirer.com Buy Photo

A temporary worker accused of stealing personal data last year while assigned to a Columbus company that administers health plans for large corporations will plead guilty next week in federal court, his attorney said Tuesday.

FBI agents arrested Drew Johnson, 26, on Oct. 11, charging him with felony identity theft for allegedly emailing himself the personal information of employees working for Columbus-based credit-card processor TSYS and for Kelley Manufacturing Co., which produces agricultural equipment in Tifton, Ga.

Investigators said the thefts started after Johnson went to work Sept. 3 at Paragon Benefits Inc., which handles health plans for major employers. Coworkers noticed Johnson was spending more time than necessary on a Paragon computer and suspected he was sending personal emails from an office account, a violation of company policy.

Paragon had a computer technician retrace Johnson’s online activity, and the tech discovered Johnson had sent office emails to a personal Gmail account, appending spreadsheets with Paragon client employees’ personal information, authorities said.

The information included names, home addresses, dates of birth and Social Security numbers – information that could have been used for credit-card fraud or fake income-tax returns, investigators said. Johnson’s job granted him access to the information, but he had no professional reason to view it, authorities said.

Paragon fired Johnson, and on Sept. 17 notified the FBI of the data leak, prompting the investigation that led to his arrest.

TSYS in 2013 said it had contracted with another health-plan administrator at the beginning of the year, but Paragon still was administering claims for 2012. TSYS said Johnson compromised data for at least 1,000 former workers and 11 relatives.

Charged with transferring and possessing the identification of another person in connection with unlawful activity, Johnson was expected to plead guilty Tuesday before U.S. District Court Judge Clay Land. But his attorney Jose Guzman sought to postpone that, saying he did not have all the information he needed on the case.

Assistant U.S. Attorney Melvin Hyde said authorities still were trying to estimate a dollar amount for the damage Johnson is alleged to have caused, which could be a factor in his sentencing. Land rescheduled the plea hearing for 9:30 a.m. Feb. 13, and set a trial date for Feb. 24, should Johnson decide against pleading guilty.

Ledger-Enquirer is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service