Wednesday, August 6, 2008

11 charged in TJX, BJ's Wholesale Club breaches

BOSTON (8/6/08)--Eleven people have been charged with stealing more than 40 million credit and debit card numbers obtained from TJX Cos., BJ's Wholesale Club Inc., and seven other retailers.

They were indicted Tuesday, in what the Justice Department calls the largest, most complex identity-theft case ever prosecuted (ComputerWorld.com, CNNMoney.com and Bloomberg.com Aug. 5).

Thousands of credit unions and their members were among those impacted in the thefts. Credit unions and other financial institutions were forced to reissue compromised cards and endure costs related to fraud. Some of the breaches sparked lawsuits by credit unions and by their insurance companies.

The identity theft ring targeted nine U.S. retailers, including TJX, BJ's, DSW Shoe Warehouse, Office Max Inc., Boston Market, Barnes & Noble Inc., Sports Authority, Forever 21, and Dave & Buster's restaurants.

Participants in the ring installed "sniffer" programs on the retailers' networks, allowing them to collect credit card and password information, said Michael Sullivan, U.S. attorney for the District of Massachusetts.

Three people in Boston are charged with hacking into the retailers' wireless computer networks and installing sniffer. They allegedly concealed the data in computer servers they controlled in Eastern Europe and the U.S.

The Justice Department said the charges allege the defendants sold the data over the Internet to others who encoded the stolen information on blank cards and used those cards to withdraw tens of thousands of dollars at a time from ATM machines (The New York Times Aug. 5). They laundered their proceeds through using anonymous Internet-based currencies and channeling funds through bank accounts in Eastern Europe.

Eight people were charged in San Diego with operating an international distribution ring of stolen debit and credit cards. One defendant allegedly received $11 million in proceeds from selling stolen information.

Three of the people charged are U.S. citizens. Others are from Estonia, Ukraine, China and Belarus.

Some of the defendants will face identity theft charges in New York for hacking into the restaurant chain's computer network.

Prosecutors say the scheme was spearheaded by Albert "Segvec" Gonzalez, a Miami man who is being held in jail on the New York charges. He is charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy.

courtesy of cuna.org

1 comment:

Benjamin Wright said...

CCU: Careful reading of the indictments of the TJX data thieves show that the media, card issuers and Federal Trade Commission over-reacted to the TJX incident. The TJX break-in was not as bad as we were led to believe. --Ben http://legal-beagle.typepad.com/wrights_legal_beagle/2008/08/credit-card-iss.html