Protecting yourself, Research, regulation, industry reports

Feds charge 11 in largest identity theft case in U.S. history

Matt Schulz

Barnes & Noble shoppers beware. Your credit card information may have been stolen in a complex international plot that seems right out of a best-selling crime novel.

The bookseller wasn’t alone, however. In all, more than 40 million credit card and debit card numbers were allegedly stolen from several major retailers in what was dubbed the largest identity theft case in U.S. history. Along with Barnes & Noble, the retailers in question include TJX Cos., BJ’s Wholesale Club, OfficeMax, Boston Market, Sports Authority, Forever 21 and DSW.

Federal prosecutors charged 11 people in the case on Tuesday.

“So far as we know, this is the single largest and most complex identity theft case ever charged in this country,” said Attorney General Mukasey in a statement from the U.S. Department of Justice. “It highlights the efforts of the Justice Department to fight this pernicious crime and shows that, with the cooperation of our law enforcement partners around the world, we can identify, charge and apprehend even the most sophisticated international computer hackers.”

The 11 people — including three U.S. citizens, five Eastern Europeans, two Chinese citizens and one person of unknown origin — were charged with numerous crimes, such as conspiracy, computer intrusion, fraud and identity theft.

Here’s how the indictment says it happened: It alleges the co-conspirators hacked into the retailers’ wireless computer networks and installed ‘sniffer’ programs that would capture card numbers, passwords and other account information. Then they tucked the data away on encrypted servers in the U.S. and Europe and eventually sold some of the information to people in those areas.

The DOJ release says, “The stolen numbers were ‘cashed out’ by encoding card numbers on the magnetic strips of blank cards. The defendants then used these cards to withdraw tens of thousands of dollars at a time from ATMs.” The statement goes to say that the accused “were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe.”

Federal prosecutors said this case should serve as a wake-up call. “Consumers, companies and governments from around the world must further develop ways to protect our sensitive personal and business information and detect those, whether here or abroad, that conspire to exploit technology for criminal gain,” said U.S. Attorney Michael J. Sullivan.

This also drives home the importance of diligently watching over your credit card statement each month and keeping abreast of changes to your credit report on a regular basis. After all, despite the best efforts of all involved, this certainly won’t be the last of these huge hacking cases, but there are things that you can do to protect yourself from the next one.

See related: What to do before, after you lose your credit cards; How to read, understand your credit report; If you’re a victim of fraud or identity theft; Know the latest credit card fraud techniques; The identity theft and meth connection

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

  • Sort of makes me wish for a cash-based economy again. At least someone has to get within a few feet of you to steal your paper money. Until such time as cash comes back, though, I’ll just be using a paper shredder for everything that could be used to get my personal information.