A week after he was placed at Paragon Benefits Inc. by a temporary staffing agency, Drew Johnson appeared to be spending more time on his computer than his duties required before personal information from more than 5,200 TSYS employees was sent to his personal Gmail account, records in U.S. District Court stated Tuesday.
Johnson, 26, of Columbus was arrested Friday at an undisclosed residence and charged with felony identity theft. In an affidavit from FBI special agent Christian Coulter, Johnson is accused of illegally transferring and possessing the identification of another person in connection with an unlawful activity. TSYS said at least 1,000 former employees and 11 family members had their data compromised.
Johnson made his initial appearance in District Court and was ordered held for a 2 p.m. Thursday hearing before Judge Stephen Hyles. A motion from U.S. Assistant Attorney Melvin E. Hyde Jr. cited a risk to flee and no conditions for release that would reasonable assure the safety of the community.
Court records show that Johnson started work on Sept. 3, 2013, at Paragon Benefits, a company which administers health benefits for credit-card and payment processor TSYS in Columbus and Kelley Manufacturing Co. in Tifton, Ga. A week later, a Paragon employee noted that Johnson appeared to be spending more time typing on his computer than the job required of a new employee. The same employee believed that Johnson may have been sending personal emails from the account at the office, an activity that’s in violation of company policy.
An information technology analyst was directed to examine Johnson’s computer activity at work. The analyst discovered that Johnson sent two emails from his Paragon email to a personal Google Gmail account, which included an attached spreadsheet. In a search for recent computer activity, the analyst found searches that referred to the personal identifying information of employees whose benefits were administered by Paragon.
Files accessed by Johnson included two files, one from TSYS and another from Kelley Manufacturing, a company that manufactures agricultural equipment. Information included the employees names, dates of birth, Social Security numbers and home addresses. At the time, Johnson had access to the files but had no professional reason to visit the information.
To conduct a more in-depth examination of the employee’s computer, Paragon contracted with forensics computer Borderhawk. The company called the incident an internal data leakage, not an external cyber breach. The company also was able to put together a timeline showing how folders were accessed, a spreadsheet was created and emailed with an attachment to Johnson’s Gmail account. A second spreadsheet was created and attached to a second email to Johnson, records show.
Johnson used a Paragon computer and its network to examine thousands of employees’ personal information without authority, records show. On Sept. 17, an attorney for Paragon Benefits told the FBI that an employee who had been terminated had acquired personal information for employees of TSYS and Kelley Manufacturing.
The investigation by federal authorities with help from Columbus Police Department led to his arrest on Friday.