HAMP Hacker Sentenced for Fannie Mae Data Breach

Office of the Special Inspector General for the Troubled Asset Relief Program (SIGTARP) has announced that Sathish Kumar Chandhun Rajendran of Sterling, Va., has been sentenced for engaging in unauthorized access to government servers that hosted a Fannie Mae Web site used to support federal mortgage loan modification programs, including the Home Affordable Modification Program (HAMP). U.S. District Judge T.S. Ellis III presided over the hearing, which took place in federal court in Alexandria, Va.

Rajendran was sentenced to three years of supervised release and will be required to perform 50 hours of community service. Restitution was ordered in the amount of $69,638, and Rajendran was ordered to forfeit ownership of the laptop computer from which he accessed federal Web site servers without authorization. Rajendran was also ordered to write and publish online an article detailing the particulars of the offense, its seriousness, its effect on himself and his family, and why others should not engage in similar behavior.

Rajendran was charged and pleaded guilty on July 10, 2014, to a one-count criminal information charging him with unauthorized access to a protected computer causing damage. In the plea agreement, Rajendran also agreed, for a period of three years following his conviction, to refrain from participating as an employee, contractor or subcontractor, in any government contract requiring clearance.

According to court documents, Rajendran worked at Fannie Mae as an IT employee, and was assigned to the development of the www.CheckMyNPV.com Web site. The site was established under the Dodd-Frank Act by the U.S. Department of the Treasury and the U.S. Department of Housing & Urban Development (HUD) in conjunction with the government’s Making Home Affordable (MHA) program. The online tool on the site, operated by Fannie Mae under the auspices of MHA, allowed homeowners to determine the net present value of their homes and check their eligibility to participate in HAMP, a federal program designed to prevent mass foreclosures.

After being terminated from employment in August 2013, Rajendran repeatedly used administrator credentials to log into government servers and make unauthorized changes to the CheckMyNPV site, including disabling the site’s online tool for calculating the net present value of homes and for checking HAMP eligibility. As a result of these actions, Rajendran caused damage and loss to the site in the amount of $69,638.

“Rajendran, a former federal IT contractor, crashed the functionality of www.CheckMyNPV.com which temporarily prevented struggling homeowners from using the site’s ‘net present value’ calculator to determine their eligibility for TARP’s housing program, HAMP,” said Christy Romero, Special Inspector General for TARP (SIGTARP). “Those who stand in the way of homeowners getting the help they seek and need through HAMP will be held accountable and brought to justice by SIGTARP and our law enforcement partners.”