In U.S. v Wright the defendant Wright pled guilty to conspiracy to commit wire fraud and aggravated identity theft by filing fraudulent tax returns in the name of identity theft victims in order to obtain the refunds in violation of 18 USC §1349 and possessing 15 or more counterfeit and unauthorized access devised with the intent to defrauds in violation of 18 USC §1029. Other counts involved possession of names and social security number of five different people. The factual proffer of the plea agreement revealed that the IRS discovered fraudulent returns coming from the same Interne Protocol (IP) address what turned out to belong to a Florida apartment that was rented by Wright. The IRS agents executed a search warrant at the apartment where they found person identifying information PII for thousands of people in a number of places in the apartment. After seizing and analyzing the documents, the IRS determined there were 12,124 identities, 331 debit of credit cards containing account information and 2,090 identities found on the computers and flash drive.
The district court sentenced Wright to 84 months. Because the intended loss on all the tax returns totaled $868,472 plus an additional $6,905,500 representing $500 for each of the 13,811 remaining compromised identities found in the apartment. The issue on appeal was whether the loss amount calculated for determining Wright’s sentencing should the $500 amount for each of the remaining 13,811 compromised identities. The appeals court refined the issued by asking whether the 13,311 compromised identities qualified as “access devises” under any part of the definition for access devices as given in the sentencing guidelines. While the court of appeals found the 331 debit or credit cards and numerous social security number are access devises, the question became whether the other thousands of compromised identities which were described only as “personal identifying information.”