11 Snared in Wide-ranging ID Theft Scheme
Eleven people were charged Tuesday in a complex identity theft and computer fraud plot that led to some of the biggest data breaches in recent U.S. history, according to a published report, according to the Department of Justice.
Nine U.S. retailers were targeted, among them BJ's Wholesale Club, TJX, and DSW Shoe Warehouse, which all reported large data breaches between 2004 and 2007. OfficeMax, Barnes & Noble, Boston Market, Sports Authority, and Forever 21 were also victims of the scam.
Over 40 million credit and debit card numbers were compromised, by means of secretly installed "sniffer" programs on the retailers' computer networks, which enabled the criminals to gather confidential credit card and password information.
After gathering the information the suspects allegedly hid it in encrypted servers in Eastern Europe and the United States. They also allegedly sold some of the credit and debit card numbers to other criminals over the Internet.
The cards were subsequently used withdraw tens of thousands of dollars from ATM machines, the DoJ said. The suspects were allegedly able to conceal the money by employing anonymous Internet-based currencies and laundering funds through bank accounts in Eastern Europe.
The scheme is thought to be the largest computer-hacking and ID theft case ever prosecuted by DoJ, according to U.S. Attorney General Michael Mukasey, who said during a press conference, "This case highlights our increasing vulnerability to the theft of personal information."
Three of the suspects are U.S. citizens, one is from Estonia, three are from Ukraine, two are from China, and one is from Belarus. The eleventh suspect is known only by the online alias "Delpiero," and is of unknown nationality.
Nine U.S. retailers were targeted, among them BJ's Wholesale Club, TJX, and DSW Shoe Warehouse, which all reported large data breaches between 2004 and 2007. OfficeMax, Barnes & Noble, Boston Market, Sports Authority, and Forever 21 were also victims of the scam.
Over 40 million credit and debit card numbers were compromised, by means of secretly installed "sniffer" programs on the retailers' computer networks, which enabled the criminals to gather confidential credit card and password information.
After gathering the information the suspects allegedly hid it in encrypted servers in Eastern Europe and the United States. They also allegedly sold some of the credit and debit card numbers to other criminals over the Internet.
The cards were subsequently used withdraw tens of thousands of dollars from ATM machines, the DoJ said. The suspects were allegedly able to conceal the money by employing anonymous Internet-based currencies and laundering funds through bank accounts in Eastern Europe.
The scheme is thought to be the largest computer-hacking and ID theft case ever prosecuted by DoJ, according to U.S. Attorney General Michael Mukasey, who said during a press conference, "This case highlights our increasing vulnerability to the theft of personal information."
Three of the suspects are U.S. citizens, one is from Estonia, three are from Ukraine, two are from China, and one is from Belarus. The eleventh suspect is known only by the online alias "Delpiero," and is of unknown nationality.