Cyber Incident Victim: Wolfe & Associates
Date: Mar 2020
Location: United States of America
Summary
A property management firm suffered a significant data breach when two hackers infiltrated its network and stole personal information from over 9,000 clients. The perpetrators exploited the stolen identities to fraudulently file hundreds of unemployment claims, illicitly obtaining more than $2 million which funded luxury vehicles, high-end residences, and narcotics purchases. Following guilty pleas to multiple felony charges, the offenders received combined prison sentences totaling 33 years for their roles in the cybercrime.
Description
On or around March 25, 2020, Gordon Welterlen, 37, and Nicole Milan, 31, both residents of San Diego, unlawfully accessed the computer network of Wolfe & Associates Property Management, a Santa Barbara County-based company. The hackers exfiltrated personally identifiable information belonging to more than 9,000 clients, enabling them to steal identities at scale. Following the breach, Welterlen and Milan systematically exploited the stolen data to submit fraudulent unemployment claims to the State of California. They filed over 300 such claims, successfully diverting approximately $2 million in illicit payments from state unemployment systems. The stolen funds financed luxury purchases, including high-end vehicles—a Mercedes and two Jaguars—upscale apartments, and narcotics. The scale of the breach and subsequent fraud ranked it among the largest data security incidents in Santa Barbara County’s history.

Law enforcement investigations led to the identification and arrest of the perpetrators, both of whom had prior criminal histories. In late March or early April 2020, Welterlen and Milan pleaded guilty to multiple felony charges related to computer hacking, identity theft, and fraud. Their admissions resulted in a combined prison sentence of 33 years, reflecting the severity of their crimes. The breach directly impacted Wolfe & Associates’ clients, whose compromised data exposed them to financial fraud and identity misuse. No specific remediation efforts by the property management firm were disclosed in available reports, though the judicial outcome underscored the legal consequences for large-scale cybercrime. The case highlighted vulnerabilities in unemployment claim verification processes, as the fraudulent filings bypassed state safeguards to extract substantial funds.
