An international ring hacked into nine major U.S, companies and stole and sold more than 41 million credit and debit card numbers from 2003 to 2008, costing the companies and individuals hundreds of millions of dollars, reports the Boston Globe. “So far as we know, this is the single largest and most complex identity theft case ever charged in this country,” U.S. Attorney General Michael Mukasey said in Boston.
An indictment charged that Albert “Segvec” Gonzalez of Miami, the alleged ringleader, and his 10 conspirators cruised around with a laptop computer and tapped into accessible wireless networks. They then hacked into the networks of TJX, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Dave & Buster’s, Sports Authority, Forever 21, and DSW. The defendants – one from Estonia, three from Ukraine, two from China, one from Belarus, and one of unknown origin – allegedly concealed the data in encrypted computer servers. They sold some of the numbers, via the Internet, to other criminals, authorities alleged. It was not clear how much of the stolen information had been used. “The sheer number of retailers attacked by these cyber criminals demonstrates the much broader challenges in protecting sensitive consumer data from this increasing threat,” said a TJX spokeswoman. “Broader action beyond retailers alone is required to protect consumer data. Banks and the US payment card industry must join retailers and work together.”