Slashdot Mirror

← Back to Stories (view on slashdot.org)

11 Charged In TJX, Other Breaches

Posted by kdawson on from the wardriving-for-profit dept.

coondoggie writes "The Justice Department has charged 11 people in connection with the massive theft of credit card numbers from various retailers, including TJX, BJs and OfficeMax. Authorities say the group charged was involved in the theft of more than 40 million credit and debit card numbers. In an indictment returned today by a federal grand jury in Boston, Albert 'Segvec' Gonzalez, of Miami, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft, and conspiracy for his role in the scheme. Others indicted are from the US, Estonia, China, and Belarus." We've been following the TJX breach since the beginning.

5 of 77 comments (clear)

  1. Re:And here I was by QuantumRiff · · Score: 5, Informative

    actually, with a proper credit card (not a debit card) you are not responsible for charges that are not yours. If you lose your card, and report it missing, the most that can be charged to you is $50. For fraud, you have to file a police report, and report it to your bank, but you should not be responsible for paying it. However, you might spend alot of time, filling out that paperwork, disputing problems on your credit history because of it, etc.. These protections do not exist for most checking, savings, or debit accounts..

    If you order something online, and it doesn't get delivered or whatever, most card companies will allow you to request a charge-back, where they just reverse the charge, and then it is up to the merchant to deal with your card company...

    --

    What are we going to do tonight Brain?
  2. aggravated identity theft: defined by deft · · Score: 3, Informative

    let me guess, not a lawyer?

    http://www4.law.cornell.edu/uscode/18/usc_sec_18_00001028---A000-.html

    (a) Offenses.--
    (1) In general.-- Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years.
    (2) Terrorism offense.-- Whoever, during and in relation to any felony violation enumerated in section 2332b (g)(5)(B), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person or a false identification document shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 5 years.

    (c) Definition.-- For purposes of this section, the term "felony violation enumerated in subsection (c)" means any offense that is a felony violation of--
    (1) section 641 (relating to theft of public money, property, or rewards [1]), section 656 (relating to theft, embezzlement, or misapplication by bank officer or employee), or section 664 (relating to theft from employee benefit plans);
    (2) section 911 (relating to false personation of citizenship);
    (3) section 922 (a)(6) (relating to false statements in connection with the acquisition of a firearm);
    (4) any provision contained in this chapter (relating to fraud and false statements), other than this section or section 1028 (a)(7);
    (5) any provision contained in chapter 63 (relating to mail, bank, and wire fraud);
    (6) any provision contained in chapter 69 (relating to nationality and citizenship);
    (7) any provision contained in chapter 75 (relating to passports and visas);
    (8) section 523 of the Gramm-Leach-Bliley Act (15 U.S.C. 6823) (relating to obtaining customer information by false pretenses);
    (9) section 243 or 266 of the Immigration and Nationality Act (8 U.S.C. 1253 and 1306) (relating to willfully failing to leave the United States after deportation and creating a counterfeit alien registration card);
    (10) any provision contained in chapter 8 of title II of the Immigration and Nationality Act (8 U.S.C. 1321 et seq.) (relating to various immigration offenses); or
    (11) section 208, 811, 1107(b), 1128B(a), or 1632 of the Social Security Act (42 U.S.C. 408, 1011, 1307 (b), 1320a-7b (a), and 1383a) (relating to false statements relating to programs under the Act).

    --

    There's nothing Intelligent about Intelligent Design.
  3. Legal speak for really bad... by FireStormZ · · Score: 5, Informative

    http://en.wikipedia.org/wiki/Aggravation_(legal_concept)

    Aggravation, in law, is "any circumstance attending the commission of a crime or tort which increases its guilt or enormity or adds to its injurious consequences, but which is above and beyond the essential constituents of the crime or tort itself."[1]

    --
    "Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
  4. Re:Good! by Nos. · · Score: 3, Informative

    They'll have a heck of a time suing when they knew before hand of the sloppy security measures and actually game them an extension on PCI compliance: http://www.darkreading.com/document.asp?doc_id=138838

  5. Re:And this was all..... by The+Breeze · · Score: 3, Informative

    Actually, if memory serves, the TJ Maxx connection was a wireless link between two buildings - it was a WEP connection. So, yeah, it was encrypted, but it only took them about 10 minutes to crack it. Too bad the company was too lazy to use WPA. The other interesting part about this (again going from memory) is that they popped the back cover off one of those "Apply for a Job" kiosks in the store, and lo and behold, the job kiosk was on the hardwire, unencrypted network. Oops. And then the bad guys plugged in a USB key with a bootable Linux system on it. Double oops. They then had access to everything on the corporate network. Everything. Triple oops.

    -Steve