Indictments in ID Theft Scheme Involving 40 Million Card Numbers
11 people have been indicted in an identity theft scheme involving the illegal sale of more than 40 million credit and debit card numbers that were stolen from the computer networks of several major U.S. retailers. The U.S. Department of Justice (DOJ) is calling the case the largest hacking and identity theft prosecution ever charged by the federal government.
According to a DOJ Press Release, the scammers hacked into the computer networks of major retailers -- including TJX Companies (owner of TJ Maxx and Marshalls stores), BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW -- and installed "sniffer" programs to gather card numbers, passwords, and account information. That information was then sold to criminals in the U.S. and Eastern Europe. Reuters reports that "the charges target three people from the United States, three from the Ukraine, two from China, one from Estonia and one from Belarus."
U.S. Attorney General Michael B. Mukasey calls the indictments "the single largest and most complex identity theft case ever charged in this country," stressing that "computer networks and the Internet are an indispensable part of the world economy. But even as they provide extraordinary opportunities for legitimate commerce and communication, they also provide extraordinary opportunities for criminals."
- DOJ Press Release on the Indictments
- Case Information and Indictments (U.S. Attorney's Office - District of Massachusetts)
- Remarks of U.S. Attorney General Michael B. Mukasey (DOJ)
- Reuters: U.S. Charges 11 in Theft of TJX Customer Data
- Washington Post: 11 Charged in Global Theft, Sale of 40 Million Card Numbers
- Deter. Detect. Defend. Avoid ID Theft (Federal Trade Commission)
- Identity Theft FAQ (FindLaw)