It can be hard for law enforcement officials to connect all the dots when internet crimes occur. Whether it’s a major corporate data breach or a smaller-scale single-entity event, finding out how far the crime has spread and uncovering the extent of the damage can be a case of the proverbial needle in the haystack.

But there has been a recent victory for uncovering ID theft and its scope. Authorities believe they’ve pinpointed the source of tax refund fraud that resulted in the filing of 900 fraudulent returns in an attempt to receive over $2.2 million dollars: the hacking of personnel records in the University of Pittsburgh Medical Center system in early 2014.

Of the 62,000 or so employees of the twenty-plus hospital network, approximately 27,000 were the victims of a data breach. Authorities believe the foreign hackers used the data gleaned in that event to file the fraudulent tax returns this year.

Now, the court has issued an indictment for one individual named in the investigation, Yoandy Perez Llanes. Investigators also have information on three other unnamed people who operated an identity theft ring with Llanes. While police are not releasing the exact country-specific location of the hackers due to the ongoing investigation and the fact that more individuals are believed to be involved, they were very clear about what happened in this event.

First, the data was stolen by hackers who may or may not have been involved in the tax refund fraud. The hackers are either the same people who filed the false tax refunds, or they simply sold the stolen data to the ID theft ring who filed the returns.

Once the tax returns were filed, the thieves requested the fraudulent refunds in the form of credits, which is an option that some tax preparation services like Turbo Tax offer. The credits were used to buy high-dollar items like smartphones and tablet computers, items which were then “reshipped” by brokers in Miami who received the acquired goods and sent them to Venezuela. The items were then sold through online auction sites and other avenues of resale, although authorities believe some were kept for personal use.

This is a good time to issue a warning to consumers about reshipping scams. The internet is rife with shady offers to work from home, and reshipping is one of the many different scams that thieves use to get other people to do their dirty work. It hasn’t been stated yet whether the individuals who received and then shipped the Amazon items were actually part of the ID theft ring, or whether they were simply unscrupulous people who got duped into participating in an illegal activity with promises of working from home.

Incidents like this one should serve as a warning to consumers about the reach of identity theft. It’s not just a matter of getting new credit cards from your bank or changing passwords on your online accounts after a major data breach or after learning your identifiable information was compromised. You must stay on top of your identity by monitoring your credit reports, keeping tabs on all of your account statements, and making sure to file your taxes as early as possible to beat a thief to it. If you have reason to believe your information has actually been used, you might investigate putting alerts or freezes on your accounts with the credit reporting agencies and with the IRS, just to prevent further damage from taking place.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.