41 million credit card numbers allegedly stolen in global ring; local firms affected
By David Abel and Jenn Abelson, Globe Staff | August 6, 2008 A ring of people spread across the globe hacked into nine major US companies and stole and sold more than 41 million credit and debit card numbers from 2003 to 2008, costing the companies and individuals hundreds of millions of dollars, federal law enforcement officials said yesterday.
"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," US Attorney General Michael Mukasey said at a news conference at the John Joseph Moakley US Courthouse in Boston.
A grand jury indictment released yesterday charged that Albert "Segvec" Gonzalez of Miami, the alleged ringleader, and his 10 conspirators cruised around with a laptop computer and tapped into accessible wireless networks.
They then hacked into the networks of TJX, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Dave & Buster's, Sports Authority, Forever 21, and DSW. After gaining access to the systems, they installed programs that captured card numbers, passwords, and account information, officials said.
In addition to Gonzalez, two other Miami residents were charged in Boston and eight other alleged conspirators were charged in San Diego. The defendants - one from Estonia, three from Ukraine, two from China, one from Belarus, and one of unknown origin - allegedly concealed the data in encrypted computer servers they controlled in Europe and the United States. They sold some of the numbers, via the Internet, to other criminals, authorities alleged.
The suspected hackers also encoded some of the stolen numbers on the magnetic strips of blank credit or debit cards, which were then used to withdraw tens of thousands of dollars from ATM machines, officials said.