03.03.2026
2 min
279
A 52-year-old Florida woman, Heidi Richards, has been sentenced to 22 months in prison for running a years-long scheme trafficking thousands of stolen Microsoft Certificate of Authenticity (COA) labels. She was also ordered to pay a $50,000 fine.
Heidi Richards (also known as Heidi Hastings, Heidi Shaffer, and Heidi Williams), who operated Trinity Software Distribution, orchestrated the unlawful resale of Microsoft license keys outside authorized distribution channels.
COA (Certificate of Authenticity) labels are small stickers containing unique activation product keys distributed with physical software media such as Windows and Microsoft Office. Under U.S. federal law, these labels have no independent commercial value and cannot be sold separately from the licensed software or hardware.
The indictment states:
“The only authorized method of downstream distribution for a Windows OEM COA is affixed to the computer on which the software was installed or with the complete, sealed OEM package including the COA label and license.”
“The labels may not be sold on a ‘standalone’ basis separated from the software they were intended to authenticate.”
Between July 2018 and January 2023, Richards and her accomplices purchased tens of thousands of genuine Windows 10 and Microsoft Office COA labels from a Texas-based company at prices far below retail value.
Instead of distributing them legally with the corresponding software, Richards directed employees to manually extract the activation codes and transcribe them into Excel spreadsheets. The extracted Microsoft license keys were then sold in bulk to customers worldwide.
In total, $5,148,181.50 was wired to the supplier between 2018 and 2023.
Microsoft COA labels are designed to verify software authenticity and activate OEM versions of Windows and Office. The illegal resale of standalone keys fuels a gray market where software can be activated without a proper license. The case was prosecuted by the Computer Crime and Intellectual Property Section (CCIPS), which has secured more than 180 cybercrime convictions and helped victims recover over $350 million in the past five years. This case illustrates how even legitimate products can become part of large-scale criminal schemes when licensing rules are violated. The unlawful resale of activation keys undermines intellectual property rights, creates shadow markets, and carries serious criminal consequences.
