Christopher Andrew Phillips was arrested this week and charged on four counts of fraud. Federal prosecutors have accused him of hacking into a University of Texas database in spring 2003 and downloading 55,200 names, along with Social Security numbers and other private information. One official had characterized it as the University's worst online information theft to date.
The indictment claims that Phillips downloaded biographical data from an unnamed genealogical Web site in the fall of 2002. The next January, he reportedly wrote a program that used the publicly-available genealogy data to access a University of Texas database called TXClass. The database records that university's employee training records. The indictment also states that Phillips' computer contained other people's bank account, financial aid, and credit card information.
The University of Texas paid $122,000 to respond to the security breach and assess damages, according to the indictment. It also spent $45,000 to identify and inform those whose information was stolen.
Phillips is charged with one count of fraud with computers, one count with "identification documents, authentication features and information," and two counts with access devices. Each of these can be punished through fines or prison time.