Former SAP VP Facing 30 Days In Jail For Lego Barcoding Scam

Thomas Langenbach, a former vice president for enterprise software giant SAP, is facing 30 days in jail and five months wearing an electronic ankle bracelet after entering a guilty plea to a felony commercial burglary charge for posting fraudulent barcodes on Lego toys at Target stores, according to a Santa Clara, Calif., Deputy District Attorney.

Langenbach, 48, who entered the plea before Santa Clara Superior Court Judge Vincent Chiarello, also faces three years of probation that prevents him from entering Target stores for that three-year period, said Santa Clara Deputy District Attorney Jim Sibley. Under the terms of the plea agreement, Langenbach is not under house arrest and can still travel to and from work, said Sibley.

[Related: Black Hat 2013: 14 Security Firms That Piqued Hackers' Interest ]

Langenbach was initially charged with four counts of commercial burglary, which could have resulted in a maximum sentence of up to five years in prison, said Sibley. Formal sentencing after a customary review by the county probation department is scheduled for Sept. 5.

Sponsored post

A call was made to Langenbach's attorney, Thomas Greenberg, who was unavailable at press time.

The Lego scam attracted national attention when the one time vice president of SAP Labs Integration and Certification Center, headquartered in Palo Alto, Calif., was arrested last May and charged with four felony counts of burglary.

Langenbach lived in a multimillion-dollar home in San Carlos, Calif., that was filled with hundreds of Lego boxes. Police alleged at the time that Langenbach had sold $30,000 worth of Lego items on eBay using the moniker "Tomsbrickyard."

Under the low-tech scheme, Langenbach preprinted barcode stickers and then placed them on Lego kits at steep discounts over the original retail barcode prices, Sibley said. The arrest came after Target officials had issued a flyer alerting store employees after capturing the barcoding scam on video surveillance cameras, said Sibley.

Sibley said that barcode switching is relatively common and that there was no evidence that Langenbach had used SAP products or trade secrets to engage in the felony burglary.

Bruce Schneier, a computer security specialist and cryptographer who writes the blog Schneier on Security, said changing price stickers on retail products has been an issue for retailers for many years, even before the advent of barcodes, with young children engaging in the activity. All the crime requires is a simple printer or photocopier, he said. "This is trivial to do," said Schneier. "It's copy and paste."

"This looks like a standard kleptomania crime," he said. "Of course it's a big deal when you catch a high tech executive. Legos are in some way the perfect item to commit this fraud with because they have a high value and are easy to resell. The big kits are very expensive."

NEXT: Barcode Scanning Scam Is Not A Victimless Crime

Keith Aubele, a certified protection professional and loss prevention specialist who is the president and CEO of Retail Loss Prevention Group, a Bentonville, Ark., said the barcoding scam perpetrated by Langenbach is anything but a victimless crime.

"We have to start looking at our judicial system and how in tune they are to the damming impact of this activity," said Aubele. "There are organized crime groups that make an incredible living off this type of activity. It sounds like this individual was a rogue or a lone wolf. But there are hundreds of millions of dollars being captured by organized crime in this very fashion through retailers across the country by organized crime outlets that have perfected this and other techniques. We can no longer turn a blind eye to this activity and just assume it can be absorbed by the retailer. Those days are gone. The revenue is being used to fund everything from terrorism to illegal arms purchases to illegal drug activity and money laundering."

Aubele said Langenbach had a highly profitable business with the barcoding scam. "The overhead costs are a printer, some labels and the gas to get to the stores," said Aubele. "He was selling hot commodity items on eBay for probably 20-30 percent below retail prices. Think about the return on this business. This guy found a vein of opportunity and he exploited it. Once he got involved and started spending the money, he couldn't quit because it was too easy."

Aubele said he sees the 30-day jail sentence, five-month ankle bracelet and three-year probation plea agreement as too lenient. "This guy's career is over, his reputation is forever damaged, he can never get that back," said Aubele. "He is paying a price beyond the sentence. The question is: is it a deterrent for the next guy? I don't think it is."

Bob Venero, the CEO of Future Tech, a Holbrook, N.Y.-based solution provider that provides retail point-of-sales solutions and security consulting, said the barcode scanning fraud is a widespread problem among retailers. He said smaller retailers have had success stopping the activity with a price flooring system that flags low-priced barcodes that do not match the price database. When those instances arise, a sales manager has to approve any override of the system, he said.

Larger retail establishments like Target have a more difficult time stopping the barcode scams because of the high volume of transactions and frequently changing sales and red light specials, said Venero. Those large retailers have so many sales and promotions that cashiers simply assume the barcodes are right, said Venero.

Venero sees the barcode fraud as a big opportunity for solution providers providing retail point-of-sale solutions. "Every retailer needs retail point-of-sale and back-end systems to make sure they have audit controls that can prevent this theft," he said. "We do an analysis on what the risks are with their current point-of-sale systems and then come up with products and steps we can take to prevent the theft. Many retailers are running older systems that don't support new auditing controls."