United States v. Agarwal, No. 20-2890 (3d Cir. 2022)
Annotate this Case
Agarwal, a contract network engineer, had security credentials that granted him access to the corporate offices and internal networks of telecommunications companies. Agarwal installed key-logging software to obtain employee usernames and passwords and installed unauthorized hardware and computer code that enabled him to surreptitiously transfer information. Agarwal also used a vacant office without authorization. The companies learned of the unauthorized activities and devoted significant resources to investigate and remediate the breaches; compromised accounts and computers were temporarily taken offline. Agarwal monitored the investigations.
Agarwal eventually pleaded guilty to aggravated identity theft, 18 U.S.C. 1028A(a)(1), and two counts under the Computer Fraud and Abuse Act (CFAA) for intentionally accessing a protected computer without authorization and obtaining information valued at more than $5,000, 18 U.S.C. 1030(a)(2); 1030(c)(2)(B)(iii). The statutory maximum sentence was 12 years, five years for each CFAA violation, plus a mandatory consecutive two-year term for identity theft. Agarwal disputed the PSR's loss calculation of over $3,000,000, most of which was for salary expenses for investigating and remediating the breaches. His Guidelines range was 70-87 months’ imprisonment for the CFAA violations. The court sentenced Agarwal to 70 months’ imprisonment for the CFAA violations, plus the mandatory two-year sentence. The Third Circuit affirmed, rejecting an argument the plea was unknowing because Agarwal could not have reasonably foreseen the losses that would be attributed to his CFAA violations. Agarwal signed the plea agreement aware that the loss amount was disputed and waived the right to appeal his sentence.
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.