Stolen TJX data used in Florida crime spree
Police told retailer months before company informed customers
InfoWorld - Law enforcement officials in Florida have arrested six individuals suspected of carrying out a fraud scheme built around the misuse of credit card data stolen from retailer TJX Cos.
In partnership with the Gainesville Police Department, officials from the Florida Department of Law Enforcement said they have taken six of 10 suspects into custody for allegedly using the TJX customer data to purchase large quantities of gift cards from discount chains Wal-Mart and Sam's Club.
The series of arrests marks the first specific instance of crime to be connected to the TJX data heist, although some banks previously reported that consumer accounts affected by the incident had been used in attempted fraud around the globe.
Florida Department of Law Enforcement officials confirmed that they initially reported the crime ring to Framingham, Mass.-based TJX in November 2006. The retail chain began informing its customers about the data breach -- blamed on a computer systems intrusion -- in mid-January.
TJX media representatives didn't immediately return calls seeking comment on the arrests.
The suspects were reported by Florida law enforcement officials to have been traveling throughout the state buying large quantities of Wal-Mart gift cards with the stolen credit card accounts, and then redeeming the cards at other locations. Among the items purchased by the scammers were computers, gaming devices and big-screen TVs.
Losses experienced by Wal-Mart and the banks issuing the credit cards total more than $8 million and are still being calculated, according to Florida officials. The suspects arrested were charged with "organized scheme to defraud," a first-degree felony, and had their bonds set at $1 million each.
Arrested and booked in Metro-Dade County for the crime spree were Irving Escobar, 18; Reinier Camaraza Alvarez, 27; Julio Oscar Alberti, 33; Dianelly Hernandez, 19; Nair Zuleima Alvarez, 40; and Zenia Mercedes Llorente, 23.
The Florida Department of Law Enforcement said that it has also issued warrants for four other people believed to be involved in the scheme.
The timeline established by the Florida arrests could help to shed light on the factors that pushed TJX -- which operates several North American and European retail chains, including T.J. Maxx, Marshalls, HomeGoods and A.J. Wright -- to inform the public of its data breach.
On Jan. 17, TJX first reported that a computer systems intrusion may have compromised the personal data of an undetermined number of its customers, with hackers obtaining individuals' credit card, debit card and check information, along with data related to merchandise return transactions.
While the company has refused to reveal how many customers may be affected by the incident, TJX officials have confirmed that a majority of the data involved belonged to people who shopped at its stores in the U.S., Canada and Puerto Rico during 2003, and between May and December 2006.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts