Slashdot Mirror
11 Charged In TJX, Other Breaches
coondoggie writes "The Justice Department has charged 11 people in connection with the massive theft of credit card numbers from various retailers, including TJX, BJs and OfficeMax. Authorities say the group charged was involved in the theft of more than 40 million credit and debit card numbers. In an indictment returned today by a federal grand jury in Boston, Albert 'Segvec' Gonzalez, of Miami, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft, and conspiracy for his role in the scheme. Others indicted are from the US, Estonia, China, and Belarus." We've been following the TJX breach since the beginning.
guys like this get caught, this is why I seldom do anything important off wire, even on my own wireless network...
"The indictment alleges that during the course of the sophisticated conspiracy, Gonzalez and his co-conspirators obtained the credit and debit card numbers by "wardriving" and hacking into the wireless computer networks of major retailers - including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW."
If your going to offer a service for the love of God do at least something to make it safe, wide open wireless as a 'perk' is like led tainted lemon aid.
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Because they transmitted customers credit card information in plaintext over an unsecured wireless connection. Not saying they shouldn't be held responsible for their incompetence, but I'm shocked that they actually had to pay out $60,000,000 for it instead of just passing the blame.
What you could do is obtain a low balanced secure credit card for things you do on-line. A secured balance of say 500 to 1,000$ would be enough for most people and would be the most you could lose.
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Except that as long as you keep yourself covered by reporting fraud early, you don't get charged for those purchases that were not yours. Being responsible with a credit card is the answer, not burying your head in the sand.
How easy would it be to get fiscally wiped out by this kind of thing?
I've had a credit card "compromised" twice over the last ~10 years. In the first case, I noticed the fraudulent charges on my statement and contacted the card issuer. They promptly reversed every single one of the charges and my liability was zero. In the second case, the card issuer actually phoned me to ask about a series of suspicious charges. My statement wasn't even due to arrive for another couple weeks. When I told them I had not made the purchases in question, then promptly reversed every single one of the charges and my liability was zero.
IMO the real risk is identity theft - when a scammer gets hold of enough of your info to open accounts in your name, apply for credit, etc. It's never happened to me but I've heard it's a real nightmare to get corrected when it happens. Having a credit card may or may not make you more vulnerable to identity theft. I make it a policy to use a shredder on any paperwork that could potentially be used to build a profile on me ... nothing goes straight into the trash.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
actually, with a proper credit card (not a debit card) you are not responsible for charges that are not yours. If you lose your card, and report it missing, the most that can be charged to you is $50. For fraud, you have to file a police report, and report it to your bank, but you should not be responsible for paying it. However, you might spend alot of time, filling out that paperwork, disputing problems on your credit history because of it, etc.. These protections do not exist for most checking, savings, or debit accounts..
If you order something online, and it doesn't get delivered or whatever, most card companies will allow you to request a charge-back, where they just reverse the charge, and then it is up to the merchant to deal with your card company...
What are we going to do tonight Brain?
let me guess, not a lawyer?
http://www4.law.cornell.edu/uscode/18/usc_sec_18_00001028---A000-.html
(a) Offenses.--
(1) In general.-- Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years.
(2) Terrorism offense.-- Whoever, during and in relation to any felony violation enumerated in section 2332b (g)(5)(B), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person or a false identification document shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 5 years.
(c) Definition.-- For purposes of this section, the term "felony violation enumerated in subsection (c)" means any offense that is a felony violation of--
(1) section 641 (relating to theft of public money, property, or rewards [1]), section 656 (relating to theft, embezzlement, or misapplication by bank officer or employee), or section 664 (relating to theft from employee benefit plans);
(2) section 911 (relating to false personation of citizenship);
(3) section 922 (a)(6) (relating to false statements in connection with the acquisition of a firearm);
(4) any provision contained in this chapter (relating to fraud and false statements), other than this section or section 1028 (a)(7);
(5) any provision contained in chapter 63 (relating to mail, bank, and wire fraud);
(6) any provision contained in chapter 69 (relating to nationality and citizenship);
(7) any provision contained in chapter 75 (relating to passports and visas);
(8) section 523 of the Gramm-Leach-Bliley Act (15 U.S.C. 6823) (relating to obtaining customer information by false pretenses);
(9) section 243 or 266 of the Immigration and Nationality Act (8 U.S.C. 1253 and 1306) (relating to willfully failing to leave the United States after deportation and creating a counterfeit alien registration card);
(10) any provision contained in chapter 8 of title II of the Immigration and Nationality Act (8 U.S.C. 1321 et seq.) (relating to various immigration offenses); or
(11) section 208, 811, 1107(b), 1128B(a), or 1632 of the Social Security Act (42 U.S.C. 408, 1011, 1307 (b), 1320a-7b (a), and 1383a) (relating to false statements relating to programs under the Act).
There's nothing Intelligent about Intelligent Design.
http://en.wikipedia.org/wiki/Aggravation_(legal_concept)
Aggravation, in law, is "any circumstance attending the commission of a crime or tort which increases its guilt or enormity or adds to its injurious consequences, but which is above and beyond the essential constituents of the crime or tort itself."[1]
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Having horrible credit has made me significantly less vulnerable for years.
A friend and I were robbed at gunpoint once after a night out. We had both started a new job that day and had our social security cards on us (employer needed copies, we went out immediately after work), check books and, obviously, drivers' licenses, everything.
This was about 6 years ago. We're still both cleaning up our credit. Him, from identity theft. Me, from my own stupidity; they weren't able to open a single account in my name.
Sadly, it appears that I'll be free and clear long before he will.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Gonzalez and others were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe, the DOJ said.
...WoW gold?
They'll have a heck of a time suing when they knew before hand of the sloppy security measures and actually game them an extension on PCI compliance: http://www.darkreading.com/document.asp?doc_id=138838
Harder than you'd think.
If you use credit responsibly, and have a reasonable fallback of savings, the worst case is a temporary loss of access to credit. You aren't liable for this type of fraud if it happens to you. It's just that three month period of proving it was fraud that would suck if you depend on your credit card to live day to day.
I had my credit card info stolen as part of the TJX breach. Whoever ended up with the data maxed out my card in an internet cafe in Paris ($6200 over two days... In an internet cafe...). There was a lot of paperwork and phone calls, but the overall outcome was that I didn't have access to $6200 in credit for 90 days, and I was slightly hassled.
It is ridiculously unlikely that you are going to get your identity stolen in such a way that you will be completely, irrecoverably wiped out... And having a credit card doesn't really increase your chances of that all that much. They can do that to you even if you don't have a credit card.
They have different words for snow too.
What does cocaine have to do with any of this ? :P
-Billco, Fnarg.com
The shredder is good advice. Also make sure your physmail gets delivered to something that locks, like a PO box or an apartment mailbox. Mail theft from those Leave It To Beaver on-street mailboxes is a real problem.