Criminal Justice

11 Charged in Biggest ID Theft Case Ever

Updated: The U.S. Attorney’s Office in Boston reportedly has charged 11 individuals from four countries in what is believed to be the largest identity theft case ever prosecuted by the Justice Department.

Those charged allegedly stole more than 40 million debit and credit card numbers, many of them used by customers at TJX Cos. Inc., according to Reuters. The discount retailer operates T.J. Maxx stores, among others.

An alleged ringleader, Albert Gonzalez of Miami, is accused of hacking into the computer systems of TJX, Barnes & Noble, BJ’s Wholesale Club, Boston Market, DSW Inc., Forever 21, OfficeMax and Sports Authority. He was already being held in New York on another hacking-related charge, and is now charged in this case with aggravated identity theft, computer fraud, wire fraud, access-device fraud and conspiracy, the news agency says.

The other suspects, who are not named in the Reuters article, include at least two more from the United States, one from Belarus, two from China, one from Estonia and three from the Ukraine.

According to a prosecutor speaking at a press conference that was still ongoing at 1:25 p.m. CT, Gonzales targeted at least some vulnerable computer systems by “war-driving”—that is to say, driving around with a laptop computer to see what wireless sites it can access. Because of the scope of the case, he could face a life prison term if he is convicted.

Reports Reuters: “TJX has agreed to pay more than $60 million to credit-card networks Visa Inc and MasterCard Inc to settle complaints related to the incident, which is one of the largest on record based on the number of accounts involved.”

As discussed in an earlier post, the company discovered in December 2006 that about 45 million debit and credit card numbers had been stolen by hackers during the course of a year or so. The data security breach, believed to be the largest ever in the U.S., was expected to cost about $256 million to correct.

It looks as if hackers entered through unprotected wireless local-area networks, and set up an operation within the TJX network to capture card data, security expert Avivah Litan of Gartner, who apparently is not involved in the case, told Network World last year. “They basically used a program to just capture the data.”

Additional coverage:

Associated Press: “11 charged in connection with credit card fraud”

Department of Justice: “Retail Hacking Ring Charged for Stealing and Distributing Credit and Debit Card Numbers from Major U.S. Retailers”

Updated at 4:24 p.m., central time, to include AP coverage and DOJ press release.

We welcome your comments, but please adhere to our comment policy and the ABA Code of Conduct.

Commenting is not available in this channel entry.