Three people in Leon County, Florida, have been arrested in connection with the alleged misuse of stolen payment card details associated with last month's breach of the New Jersey payment processing company.
According to the Leon County Sheriff's office, the arrests come in the wake of a three-month investigation of a major stolen credit card ring in the United States, which also involved the Tallahassee Police Department and the US Secret Service.
Unconfirmed reports now suggest that around 220 card issuers across North America have had customers whose card data has been compromised, although Infosecurity notes that the number of institutions whose card accounts have been misused is much smaller than this.
A statement from the Leon County Sheriff's office said the three men were arrested after being caught using stolen credit card numbers to make fraudulent purchases at local Wal-Mart stores.
The three are said to have card information stolen from Heartland to "electronically encode Visa gift cards" which they would then use to purchase goods from retailers, the statement said, adding that the sums involved total more than $100 000.
Police, meanwhile, says that other investigations are ongoing and further arrests are likely.
The fact that the US Secret Services has been investigating the card data breach for three months suggests that the authorities may be on the way to tracking the fraudsters back up the data distribution tree, Infosecurity notes.
Unconfirmed reports suggest that the US Secret Service is throwing a lot of a resources at solving the crime, which involved hackers accessing significant amounts of card data on Heartland's computer systems, which process transaction data for more than 250 000 merchants across North America.
Heartland has yet to confirm the size and scale of the major data breach on its systems, but newswire reports are hinting that as many as 100 million cardholders could eventually be affected.
This would make it the largest payment card breach to date, surpassing the 45 million-plus card numbers the TJX Group admitted were stolen in a breach revealed in January of 2007.