Florida police have captured three men allegedly involved in the largest credit and debit card data breach in history.
Criminal trio Tony Acreus, Jeremy A. Frazier and Timothy J. Johns were arrested Feb. 10 for their participation in a major theft ring. According to a press release from the Leon County Sheriff’s Office, the three men used credit card information stolen from the records of New Jersey-based Heartland Processing System‘s processing center to electronically encode Visa gift cards. Those gift cards were then used to make fraudulent purchases at local businesses, including several Tallahassee Wal-Marts, with the merchandise then sold for cash.
The fraudsters allegedly ran up some sizable charges. “The total actual and declined fraudulent transaction in Leon County is currently in excess of $100,000,” the press release says. “This amount is expected to be much higher as this investigation continues.”
Acreus, Frazier and Johns are likely minor players in the far-reaching Heartland fraud.
The information originally stolen from Heartland includes names, credit and debit card numbers and expiration dates. That data was snatched using malicious software installed in Heartland’s networks, although the payment processor says it does not know how the software got there, how long it was in place or how many accounts it compromised. Nevertheless, the number is probably substantial, since Heartland processes more than 100 million card payments every month. Since the breach was disclosed Jan. 20, banks across the country have had to re-issue cards that may have been compromised.
The arrest of Acreus, Frazier and Johns follows a three-month investigation in which the Leon County Sheriff’s Office, Tallahassee Police Department and the U.S. Secret Service joined forces. Police will attempt to notify cardholders who were victimized by the group.
Even as police round up criminals linked to the Heartland theft, data breaches continue: Wyndham Hotels and resorts recently announced that a hacker was able to penetrate its computer systems and steal guest credit card information. The hacker accessed and downloaded “information from several, but not all, of the other WHR properties” in order to “create a unique file containing payment card information of a small percentage of our WHR customers,” a Wyndham press release says.
The hotel chain says it has provided American Express, Visa, MasterCard and Discover with the credit card numbers for accessed accounts so the payment networks can take appropriate action.
See related: Payment processor involved in massive data breach offers few answers, Heartland Payment Systems data breach claims a victim: me, Heartland data breach aftershocks continue