NEW YORK — The Department of Justice announced Tuesday that it has charged 11 people in connection with the hacking of nine major U.S. retailers and the theft and sale of more than 41 million credit- and debit-card numbers.
It is believed to be the largest hacking and identity-theft case ever prosecuted by the Department of Justice. The charges include conspiracy, computer intrusion, fraud and identity theft.
The indictment returned Tuesday by a federal grand jury in Boston alleges that the people charged hacked into the wireless computer networks of retailers that included TJX Cos., BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
“While technology has made our lives much easier it has also created new vulnerabilities,” U.S. Attorney Michael J. Sullivan said in a statement. “This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results.”
The indictment alleges that the hackers installed programs to capture card numbers, passwords and account information, and then concealed the data in computer servers that they controlled in the U.S. and Eastern Europe.
“They used sophisticated computer hacking techniques that would allow them to breach security systems and install programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves,” Attorney General Michael Mukasey said at a news conference. “And in total, they caused widespread losses by banks, retailers and consumers.”
Mukasey said the total dollar amount of the alleged theft is “impossible to quantify at this point.”
Sullivan said officials still haven’t identified all the victims who had a credit- or debit-card number stolen.
“I suspect that a lot of people are unaware that their identifying information has been compromised,” he said.
