Part of why identity theft is such a growing crime is because—at least on the surface—it seems so easy. If you have a few pieces of information and a little bit of time on your hands, you can attempt to make off with serious money.

Unfortunately, as some criminals know the victims may not be required to cover any of the costs associated with the crime, it can also be seen as a “victimless” crime, despite the fact that major corporations and shareholders foot the bill, then pass that cost on to all of their customers.

A New York couple has now been charged in a second jurisdiction for their part in an identity theft ring that already resulted in multiple convictions. The Bronx couple were integral in a four-year identity theft spree that took in over $850,000 from Westchester area banks. Those charges brought convictions for the couple and three other participants in the scheme.

Now, the same couple is facing additional charges in another county where they stole bank customers’ information and withdrew large amounts of money. The fifty-count indictment addresses a one-year time period that netted over $450,000.

The couple, Tyrone Lee and Nadia Figueroa, relied on Firgueroa’s job as a bank teller. As a teller, she sifted through the customer database for names, account numbers, and other pertinent information based on high-dollar bank balances. Lee would then withdraw money from those accounts at various bank branches in the surrounding area.

This kind of database mining is considered an “inside” data breach. That occurs when an individual working for a business or organization begins collecting information that had been legitimately gathered by the business, strictly for the purposes of selling it or using it for identity theft. While it’s not inconceivable that a veteran employee might turn to this kind of crime after working at a place of business for many years, an increasing number of inside jobs involve employees who purposely set out to gain employment in a field that will offer them access to this kind of personal data. These jobs may be in hospitals, doctor’s offices, state and federal government offices, and of course, banks.

While Lee and Figueroa are facing a possible fifteen year sentence for even just one of the charges against them, there isn’t much that customers could have done personally to prevent this crime spree. So what do consumers need to do to protect themselves?

First, there are times when you’ll be required to turn over your personal identifiable informatio, but make sure you’re only giving it to people who need it. If you’re registering for government benefits, yes, you’ll have to provide your information. But a doctor’s office doesn’t actually need your Social Security number or bank account number in order for you to receive treatment. Be mindful of where you’re sharing and what can happen to it.

Next, ask for the policies. How are these businesses storing your information, and what are they doing to make sure no one can see it without justification? It might seem a little insulting to imply that the employees may be thieves, but you’re the customer and you have a right to know how you’ll be protected.

Finally, you must monitor your accounts and any statements you receive for suspicious activity. This couple operated a crime ring for almost four years before they were caught. Don’t let four years of theft and unauthorized activity go by before you notice. Report any strange activity to the company immediately, and be sure to check your credit reports routinely to make sure no new accounts have been opened in your name.