U.S. Indicts 11 For Alleged TJX Data Theft

The U.S. Attorney's office in Boston said that the individuals indicted were responsible for "wardriving" and then hacking into wireless networks of numerous retailers, including TJX companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, forever 21 and DFW Inc. in order to steal tens of millions of credit card numbers.

The Framington, Mass.-based retail giant TJX, which owns discount clothing stores TJ Maxx and Marshall's, was by far the hardest hit, suffering a loss of 45.7 million card numbers, which the retailer revealed in March of 2007.

"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," said Attorney General Michael Mukasey, in a written statement. "It highlights the efforts for the Justice Department to fight this pernicious crime and shows that, with the cooperation of our law enforcement partners around the world, we can identify, charge and apprehend even the most sophisticated international computer hackers."

The charges targeted what authorities described as a sophisticated crime ring comprised of three individuals from the U.S., three from the Ukraine, two from China, one from Estonia and one from Belarus.

Officials said that members of the crime ring, headed by Albert "Segvec" Gonzalez, of Miami, lifted the numbers after breaking into the retailers' databases by installing "sniffer" programs to capture card numbers, as well as password and other account information. Authorities asserted that the hackers then then stored on computer servers controlled in the U.S. and Eastern Europe.

The indictment alleges that the hackers sold the stolen credit card information to people in the U.S. and Europe via the Internet, and claims that the defendants also used the stolen cards to illegally withdraw tens of thousands of dollars at a time from ATMs.

Gonzalez, who was previously arrested by the Secret Service in 2003 for access device fraud, faces new charges that include counts of computer, wire and access device fraud, as well as aggravated identity theft and conspiracy for involvement in a crime scheme.

Similar charges were brought against the U.S. defendants Christopher Scott and Damon Patrick Toey, both from Miami.

Gonzalez and other co-conspirators were allegedly able to conceal and launder the proceedings of their fraudulent activities by using anonymous Internet-based currencies within the U.S. and overseas, and by channeling funds through Eastern European bank accounts.

If found guilty for the current charges, Gonzalez, who had previously worked as a confidential informant for the Secret Service, faces a maximum penalty of life in prison due to the extensive size and scope of his criminal activities.

"While technology has made our lives much easier, it has also created new vulnerabilities. This case clearly shows how strokes on a keyboard with a criminal purpose can have costrel results. Consumers, companies and governments from around the world must further develop ways to protect our sensitive personal and business information and detect those, whether here or abroad, that conspire to exploit technology for criminal gain," said U.S. Attorney Michael Sullivan in a statement.

"These prosecutions demonstrate that, through coordinated commitment, the United States Secret Service and the Department of Justice will penetrate and prosecute hacker organizations, wherever based and however sophisticated."