Feds Charge 11 in Theft of 40 Million Credit Card Accounts

The U.S. Justice Department said Tuesday that it had charged 11 people in a global crime ring of stealing and selling some 40 million credit and debit card numbers over the past five year. Prosecutors said they believed it was the largest identity theft case ever brought.

Justice said that the 11 people – from Belarus, China, Estonia, Ukraine and the United States – were charged with conspiracy, computer intrusion, fraud and identity theft. One of the individuals charged has not been located.

Retailers that were impacted by the thefts include T.J. Maxx, Marshalls, Barnes & Noble, BJ’s Wholesale Club and Sports Authority.

According to prosecutors, the thefts had been taking place since 2003. But the scope and scale of the operation was not realized until TJX Cos., owners of T.J. Maxx and Marshalls, announced in March 2007 a security breach going back to 2005 that involved some 45 million consumer accounts (“TJX Says 45.7 million Credit Card Numbers Stolen in Breach,” March 30, 2007).

When authorities began investigating that breach, they discovered that many announced security breaches, which seemed unrelated, were in fact done by the same people.

"This was a big deal — that they finally proved it’s all linked," Avivah Litan, an analyst with Gartner Consulting, told the Washington Post. "It’s the same guys, the same criminals."
.
The investigation involved the U.S. Secret Service, the Justice Department, the IRS, and numerous state agencies. "This truly has been a collaboration," said Secret Service Director Mark Sullivan. "This is the largest, most sophisticated identity-theft ring ever prosecuted by the DOJ."