Former Employee of Countrywide Home Loans Ordered to Pay $1.2 Million in Restitution for Data Breach Involving Information for Millions of Individuals

A former employee of Countrywide Home Loan was sentenced to prison and ordered to pay restitution Wednesday in connection with a large-scale data breach, announced André Birotte Jr., the United States Attorney for the Central District of California, and Steven Martinez, the Assistant Director in Charge of the FBI’s Los Angeles Field Office.

Rene Rebollo, 39, of Pasadena, was sentenced by U.S. District Judge Christina A. Snyder to eight months in prison, followed by 10 months in a community correctional facility. Judge Snyder also ordered Rebollo to pay $1.2 million in restitution to Countrywide, now Bank of America, and imposed restrictions with regard to Rebollo’s future access to consumer information.

Rebollo was arrested in 2008 after an investigation revealed that he had downloaded, possessed, and sold consumer information contained in Countrywide databases. Rebollo pled guilty to violating 42 U.S. Code 408 (a)(8), unlawfully disclosing social security numbers.

Rebollo was employed as a senior financial analyst for Countrywide’s subprime mortgage division in Pasadena where he had access to computer databases, many of which contained sensitive consumer information maintained in private Countrywide databases. Rebollo admitted that he saved the reports to personally owned flash drives and distributed financial information and contact information pertaining to approximately 2.5 million individuals. Rebollo further admitted that, in at least 50,000 instances, the individuals’ Social Security numbers were disclosed.

Rebollo opened a personal bank account specifically for the purpose of depositing and holding the illegal proceeds of the Countrywide data sales.

A second man charged in a related case, Wahid Siddiqi, 28, formerly of Thousand Oaks, was previously sentenced to 36 months in prison after he pleaded guilty to fraud and related criminal activity involving access devices.

As a result of the data breach, Countrywide underwent considerable expenses, including notification of individuals whose information was improperly disclosed, at a cost of approximately $1.2 million, and providing free credit monitoring for those individuals at a cost of approximately $15.75 million. Countrywide has also estimated that it has expended approximately $13.4 million in civil litigation, including several class action lawsuits, arising from the data breach.

This case is a result of an investigation by the FBI’s Los Angeles Field Office,.and was prosecuted by the United States Attorney’s Office in Los Angeles.