Watch CBS News

Former Colorado data company executive convicted of mail and wire fraud, sold data on millions of people

Two men -- one from Colorado, the other from Kansas -- were convicted of several charges related to mail fraud and wire fraud after being accused of illegally selling data on millions of Americans to fraudsters.

Robert Reger, 57, of Boulder, and David Lytle, 64, of Leawood, Kansas, were convicted of conspiracy to commit mail and wire fraud, along with several counts of substantive mail and wire fraud. The pair worked for Epsilon Data Management LLC, which boasts a customer base of 250 million American customers -- about 75% of the entire country.

The U.S. Postal Inspection Service was the lead agency investigating the case. The U.S. Attorney's Office, which prosecuted the case in federal court, says Reger and Lytle knew they were selling data to fraudsters who targeted elderly and vulnerable people in scams.

"Defrauding elderly and vulnerable consumers will not be tolerated in the State of Colorado," Cole Finegan, U.S. attorney for the District of Colorado, said in a statement. "This case is an example of the responsibility both executives and companies hold when it comes to gathering and selling personal data, and I hope other companies take note of the serious outcomes of this case."

The company is based in Texas but has a sales office in Colorado, according to the Justice Department.

Companies Offer Info Deletion Services Amid Growing Data Broker Market
In this photo illustration, the logo of the data broker company Epsilon is seen through a magnifying loupe as it is displayed on a screen, on April 16, 2024 in London, England. Leon Neal / Getty Images

Reger and Lytle's trial lasted approximately two weeks, during which prosecutors say the pair were engaged in the scheme for about 10 years. Evidence presented in the indictment against them said there were at least two forms of fraudulent mail sent to victims:

  • Sweepstakes: These mail pieces falsely appeared to be personalized, formal communications from a government agency, law firm, or other official entity. The form, content, and structure of the mail pieces deceived some consumers into believing they had won a substantial sum of money, usually in a sweepstakes or other contest or game, but that, in order to claim the winnings, recipients first had to pay a fee, tax, or other sum.
  • Astrology: These mail pieces falsely led consumer recipients to believe they had been specially selected to receive the mail pieces because an astrologer or psychic had experienced a vision about them and would provide personalized information about them or purportedly unique items for a fee.

"These criminals preyed on some of the most vulnerable members of our community, and today's verdict sends a clear message that such predatory behavior will not be tolerated," Inspector in Charge Eric Shen of USPIS' Criminal Investigations Group said in a statement. "We will continue to work tirelessly to ensure justice is served and to prevent these crimes from happening in the future."

Reger and Lytle are set to be sentenced on Sept. 30. Both face a maximum penalty of 20 years in prison for each count.

Epsilon Data Management, according to the U.S. Department of Justice, uses data collected from marketing clients to predict consumer activity. Its website boasts a portfolio of working with companies and organizations including BP, Norwegian Cruise Lines, Yard House, the ASPCA, Staples and more.

In 2021, Epsilon Data Management settled with the Justice Department and victims for $150 million over similar allegations. Later that year, its CEO Bryan Kennedy retired. And in 2018, Steven Fritz Kessler, former Epsilon Vice President, pleaded guilty to conspiracy to commit mail fraud for his role in this case. Court records show he was sentenced to five years of probation and ordered to pay a $29,000 fine.

And in 2011, Epsilon announced a data breach that it said impacted 2% of the companies it counted as clients, and companies including Target, Kroger, US Bank, JPMorgan Chase, Capital One and Walgreens alerted their customers at the time of the breach. Kennedy, while he was CEO, defended the company in a 2014 segment by CBS' 60 Minutes.

The company did not respond to a request for comment Saturday. Attorneys representing the company and the defendants also did not respond to emails seeking comment.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.