Biggest Credit Card Identity Theft in History Involves 7-Eleven, Hannaford

The United States Justice Department has announced that Albert Gonzalez, 28, from Miami, Florida acted with two unnamed Russian conspirators to steal from Fortune 500 companies — resulting in “the single largest hacking and identity theft case ever prosecuted.” Gonzalez was once a United States Secret Service informant.

The Justice Department says that more than 130 million credit and debit card numbers were sniffed in a corporate data breach involving theft of card numbers — along with account information — from Princeton-based Heartland Payment Systems, 7-Eleven Inc. and Hannaford Brod Company. Two individuals were also reported to be victims of the credit card crime. Hannaford is a grocery store chain based in Maine.

Once identity information was stolen, the three used their own servers to sell data to others, who would use the identify information to make fraudulent purchases, unauthorized withdrawals, and commit other identity theft offenses.

Recent Identity Theft Cases …

Previous Biggest Case …

Last August, 2008 the U.S. Department of Justice announced that 11 people had been charged in connection with the theft of credit-card details in the country’s largest-ever identity theft case.

Three US citizens and other citizens from Estonia, Ukraine, Belarus and China were accused of stealing more than 40 million credit and debit card numbers before selling the information. The offenders allegedly hacked into the computer systems of several major US retailers and installed software to access account details and passwords. They started the hacking process by obtaining account information and password details by driving in neighborhoods and hacking into Wi-Fi networks.

The criminals in last year’s case targeted TJX Corporation – which operates the TJ Maxx chain of shops – BJ’s Wholesale Club, Barnes and Noble, Sports Authority, Boston Market, Office Max, Dave and Busters, DSW shoe stores and Forever 21.

Just last month …
In July, 2009 domain service registrar Network Solutions were victims of hackers who broke into Web servers and planted code that resulted in putting at risk more than 573,000 debit and credit card accounts over the past three months.

Herndon, Virginia based Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services to predominantly mom-and-pop online stores. The e-commerce package included everything from Web hosting to payment processing to over 4,300 customers. Malicious code intentionally left behind by the identity theft offenders allowed them to intercept personal and financial information for customers who purchased from those mom-and-pop online stores.

Payment data stolen was captured from transactions made between March 12, 2009 and June 8, 2009.

In July, Network Solutions began notifying affected customers by e-mail and postal mail, and is offered to pay for 12 months of credit monitoring service through TransUnion for each customer whose financial and personal data was compromised.