After the Texas Department of Public Safety revealed to victims this month that it had unknowingly sent thousands of driver’s licenses, most of which belonged to Asian Americans, to an organized crime group, a victim is sharing details of credit card fraud, stolen data, digital SIM card access and more.
A 33-year-old senior consultant, who asked to remain anonymous for fear of retaliation, estimates she has racked up $50,000 in losses through schemes that used her stolen Texas driver’s license information.
DPS Director Steve McCraw told the Texas House Appropriations Committee in late February that a New York-based Chinese organized crime group had obtained 3,000 licenses with Asian names, like the consultant’s, to sell to predominantly Chinese undocumented immigrants in hope of impersonating the victims. In a statement provided to NBC News, the department said the number of victims has risen to 4,800. And a little over 2,000 have been in contact with staff members to address the issue.
NBC News was able to verify $16,000 in losses through receipts and copies of checks. Many of the remaining disputed transactions don’t show up in statements, as they were quickly resolved by Chase Bank, the consultant said. A representative for Chase was unable to give specifics about her case because of privacy reasons but confirmed that the consultant had been in contact with it and that a claim had been filed for the disputed transactions. She has been able to recover and resolve all the disputed funds through Chase and insurance.
While McCraw revealed the issue to a state House committee at the end of February, he said his department discovered the attacks in December. For the consultant, the ordeal began nearly six months ago. She said hopes to share her story so more resources can be dedicated to the Asian community. Those with limited English skills and the technological know-how to resolve the fallout from the identity fraud, she feels, are inadequately served.
“They need to do more for the community,” she said of the state. “Give resources to the community that’s affected.”
In a matter of months, the consultant says, she has had to not only resolve monetary losses but letters viewed by NBC News showed she also fielded notifications that the scammers have tried to open dozens of Capital One credit cards under her name.
Although DPS sent letters notifying people that they are among the thousands of fraud victims in March, the consultant said the suspicious activity began in November, when her recurring payments stopped working. Upon calling Chase Bank, she discovered her account had been closed, and after she logged into the Chase website, she further found two fraudulent $2,000 withdrawals made before her account was closed.
Although the withdrawals were resolved quickly, the victim said, the nightmare continued. She said that in February her family members, who were on the same family phone plan, got calls from T-Mobile informing them that had been attempts to request an eSIM card.
The digital SIM card would allow fraudsters to access her phone data.
The victim said that after hours on the line with the phone company, she was able to regain control of her data and confirm that her driver’s license had been used to obtain the card — but not before the fraudsters had been able to briefly activate the eSIM card and access her mobile Chase bank app, where they downloaded several of her Chase credit cards and a debit card to the Apple Wallet app.
Fraudsters proceeded to go on a luxury shopping spree, spending $40,000, a Chase representative told her over the phone. A receipt from Louis Vuitton, viewed by NBC News, showed that the fraudsters spent more than $7,000 on the luxury brand alone.
A representative from T-Mobile confirmed that the company’s care team had been in contact with the victim but was unable to share specifics due to privacy reasons.
“It’s not amateur,” she said. “They have a playbook, it’s happening very quickly, and they are not going through the traditional routes.”
For months, the victim said, she was unsure why the attacks were happening, floating the theory that perhaps the T-Mobile security breach had something to do with it. It wasn’t until she read NBC News’ article about the issue this month and a letter she eventually got from Sheri Gipson, the chief of DPS’ driver’s license division, dated March 18, that she finally understood.
“I realized I am the 3,000 people who have been affected,” she said.
McCraw said that DPS “opted to conduct a thorough investigation” before it made the information public and that it alerted victims right away, but he said victims’ identifications could still have been used before they were notified.
The Department of Information Resources, which operates the Texas.gov website on which the IDs were ordered, denied a request for comment.
Ericka Miller, DPS’ press secretary, didn’t comment on the investigation. She said in a statement that the department “continues working with those customers affected by the recent security incident to assist them with securing appointments to come into an office and obtain a replacement driver license (DL) or identification card (ID).”
The consultant is still concerned that her information could be compromised. While she has visited the DPS website for victims and spoken to seven representatives in the department, she said, she has been unable to suspend her license. And she fears she’ll remain unprotected until her appointment with the department in late April, when she can return to the U.S.
Still, she considers herself “privileged” given her language skills and technological know-how. An estimated one-third of Texans of Asian descent have limited English proficiency, defined as having difficulty communicating effectively in English, according to the nonprofit civic engagement and data group AAPI Data. Other organizations, including Asian Texans for Justice, have similarly demanded that DPS contact all victims and provide language assistance.
“This is Texas,” the victim said. “Have it in Vietnamese. Have it in Chinese.”
Miller didn’t mention whether the letters themselves would be translated but said in the statement that the department will make a second round of attempts to contact victims who haven’t yet responded.Those notifications, she said, will include links to view the notices in Chinese, Japanese, Korean, Vietnamese and other languages.