KANSAS CITY, Mo. - Beth Phillips, United States Attorney for the Western District of Missouri, announced today that a Gladstone, Mo., woman and two Kansas women have pleaded guilty in federal court to their roles in a computer hacking scheme in which the identity information from hundreds of customers was stolen from business computer systems and used to make Internet purchases.

Carrie Lynne Evola, 44, of Gladstone, waived her right to a grand jury and pleaded guilty today before U.S. Chief District Judge Fernando J. Gaitan to participating in a conspiracy to commit mail fraud.

Evola’s sister, Rosemary Evola, 40, of Mission, Kan., and sister-in-law, Kimberly Evola, 43, of Overland Park, Kan., and have also pleaded guilty to their roles in the conspiracy.

Carrie, Rosemary and Kim Evola admitted that they were involved in a computer hacking and identity theft scheme designed to obtain stolen credit and debit card numbers in order to make online purchases. Beginning in 2006, they developed relationships with several foreign individuals online in an attempt to obtain stolen credit and debit card numbers. One of these individuals was Sael Mustafa, 43, of Jordan, the leader of the conspiracy, who was sentenced on July 8, 2011, to 10 years in federal prison without parole.

Mustafa committed a substantial part of the fraud scheme outside the United States before he moved to Gladstone. Mustafa used the wireless network at an Internet café in Jordan to hack into company Web sites to access customer databases and download the customers’ personal information. Mustafa exploited these businesses for presumably less secure information, such as e-mail addresses, Web site passwords and security questions. This information was usually provided to the business by a customer registering on the Web site for online services such as a company newsletter, making a reservation, buying a gift card, or receiving e-mail coupons.

Mustafa and his co-conspirators then tried to use this stolen customer information at major credit card Web sites. They counted on the likelihood that many identity theft victims used the same password for the hacked accounts that they used for their online credit card accounts. Conspirators visited various credit card Web sites and, by trial and error, tested the stolen identity information to see if it matched the login and password information for their credit card account. If a victim had an account at a particular credit card Web site, and if the victim used the same login and password information, they were able to access these accounts.

The Evolas admitted that they used victims’ stolen credit or debit card accounts to purchase gift cards or make purchases online.

Carrie Evola acknowledged that the loss attributable to her criminal conduct was between $120,000 and $200,000. Rosemary and Kim Evola have each acknowledged that the loss attributable to their criminal conduct was between $30,000 and $70,000.

Under federal statutes, Carrie, Rosemary and Kim Evola are each subject to a sentence of up to 20 years in federal prison without parole, plus a fine up to $250,000. A sentencing hearing will be scheduled after the completion of a presentence investigation by the United States Probation Office.

This case is being prosecuted by Assistant U.S. Attorney Matthew P. Wolesky. It was investigated by the U.S. Postal Inspection Service and the Gladstone, Mo., Police Department.

Return to Top