Heidi Richards, a 52-year-old resident of Brandon, Florida, was sentenced to 22 months in federal prison for her role in a conspiracy involving illicit Microsoft certificate of authenticity (COA) labels. The sentence follows a jury conviction and includes a $50,000 fine, according to U.S. Attorney Gregory W. Kehoe.
Court records show that Richards operated under the business name Trinity Software Distribution. She paid co-conspirators millions of dollars for thousands of genuine Microsoft COA labels at prices much lower than the software’s retail value. Richards and her employees extracted product key codes from these labels and sold them in bulk to customers. Federal law prohibits selling COA labels separately from the software they are meant to verify.
COA labels serve as proof of authenticity for Microsoft software and include security features designed to prevent counterfeiting. There is an illegal secondary market for these labels because their product key codes can activate Microsoft products. By law, COA labels must not be sold apart from their corresponding licenses and hardware; on their own, they have no legitimate commercial value.
The case was investigated by Homeland Security Investigations’ Kansas City Field Office. Assistant U.S. Attorney Risha Asokan from the Middle District of Florida and Trial Attorney Jared Hosid from the Justice Department’s Computer Crime & Intellectual Property Section (CCIPS) prosecuted the case.
CCIPS works with law enforcement agencies both in the United States and abroad, often collaborating with private sector partners to address cybercrime issues. Since 2020, CCIPS has secured convictions against more than 180 individuals involved in cybercrime and obtained court orders resulting in the return of over $350 million to victims.
