TJX hacking ring charged in federal indictment

An indictment handed down Tuesday alleges 11 people schemed to steal millions of credit and debit card numbers from TJX and other retailers.

This is the single largest and most complex identity theft case ever charged in this country.
Michael B. Mukasey
Attorney General
The U.S. Department of Justice announced Tuesday that 11 people have been charged in connection with the theft and sale of more than 40 million credit and debit cards from major retailers, including TJX Companies Inc.

"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," Attorney General Michael B. Mukasey said in a prepared statement.

Three of the defendants are from the U.S., one is from Estonia, three are from Ukraine, two are from China, and one is from Belarus.

The indictment, returned in Boston, alleges that Albert "Segvec" Gonzales of Miami and others schemed to steal credit and debit card numbers by wardriving and hacking into the wireless networks of stores owned by TJX, BJ's Wholesale Club Inc., OfficeMax Inc., Boston Market Inc., Barnes & Noble Inc., The Sports Authority Inc., Forever 21 Inc., and DSW Inc. The ring allegedly installed sniffers on the retailers' networks to capture card numbers, passwords and account information.

In March of 2007, TJX disclosed that hackers had stolen at least 45.7 million customer credit and debit card data.

Preventing data leakage:
Data leakage detection and prevention: While corporate data loss is not a new concern, newer technologies are emerging to help combat the threat. In this tip, Joel Dubin advises how to reduce data leaks.

Deploying secure wireless LANs: Wireless networks have taken a beating in the financial world since it was discovered that the massive TJX data breach was enabled by an insecure Wi-Fi network
Prosecutors said the suspects hid the stolen data in encrypted computer servers in the U.S. and Eastern Europe, and sold some of the credit and debit card numbers over the Internet to other criminals. Authorities said the stolen numbers were encoded on the magnetic strips of blank cards, which the defendants used to withdraw tens of thousands of dollars from ATMs.

Gonzales was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy. He faces life in prison if convicted of all the charges.

Indictments unsealed in San Diego charged Maksym Yastremskiy and Aleksandr Suvorov in connection with the sale of the credit card data stolen by Gonzales and others, as well as additional stolen credit card information. In May, Gonzales, Yastremskiy and Suvorov were charged in a related indictment for hacking into computer systems at 11 restaurants owned by Dave & Buster's Holdings Inc., and stealing credit and debit card numbers.

On Tuesday, Yastremskiy and Suvorov were indicted with six others on charges of operating an international ring dealing in stolen credit and debit cards. According to prosecutors, Yastremskiy made more than $11 million from his criminal activity.

Dig deeper on Information Security Laws, Investigations and Ethics

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close