Eleven charged with largest ID theft in US

Rob Stringer

US prosecutors have charged 11 people in connection with the theft of over 45 million credit and debit card details from nine different stores last year.

Touted as the country’s largest ever ID fraud case, the accused allegedly hacked into computer systems of the major US retailers, which included TJX, owners of TK Maxx.

Prosecutors called the incident an ‘international conspiracy’ with those charged including three US citizens, three Ukranians, two Chinese, an Estonian, a Belo-Russian and one who has yet to be identified.

The suspects allegedly drove around neighbourhoods, hacking into wireless equipment in order to harvest numbers, account information and password details, which they concealed in computer servers in the US and Europe.

“The fact that it was a global operation suggests that it was highly organised,” says George Fyffe, head of EMEA operations, Application Security, Inc., who calls the bust a ‘wake up call to those on higher levels’ such as the Government. Fyffe says that we ‘need to focus on protecting back end data’.

“People have wrongly assumed ‘I have a firewall so I’m protected’, but these kinds of operations probably have a lot of inside help.”

Fyffe suggests that similar large-scale fraud may happen here in the UK, however “the law in the US mandates that people are told”.

"Why does this feel like Groundhog Day?!” asks Ray Stanton, BT's global head of business continuity, security & governance practice.

"Fundamental apathy to audit and review process and technology controls should not be accepted as any form of good practice. Organisations that fail to adopt and adhere to the basics should accept they are the victims and it is their own faults! The unacceptable element that goes with this, is [that] these organisations are entrusted with other peoples…information. It IS their duty of care to look after it."

Stanton adds "I look forward to the day we hear about the most ingenious technology attack, that no one could have foreseen!"

Attorney General Michael Mukasey, however, uses the event to caution would-be criminals.

"Cases like these send a clear message to those who might be tempted to abuse our computer networks to steal information and harm law-abiding people and businesses. If you do, we will track you down wherever you are in the world, we will arrest you and we will send you to jail."