Stolen TJX data has surfaced in two cases in Florida.
While the culprit (or culprits) who stole 45.7 million customer records from TJX remains at large and unknown, law enforcement officials have arrested at least 10 people since the beginning of the year for their roles in using that stolen information to commit fraud.
In July, the U.S. Secret Service announced the arrest of four Floridians: Miguel Alegria, 46, of Hialeah; Raynier Pupo, 22, of Miami; Ariel Montero, 32, of Aventura; and Javier Padron-Bravo, 35, also from Aventura. They're charged with aggravated identity theft, counterfeit credit card trafficking, and conspiracy. The Secret Service was able to trace the origin of the data used by these alleged fraudsters back to the TJX theft, as well as to a separate data breach at Polo Ralph Lauren.
The south Florida arrests resulted in the recovery of about 200,000 stolen credit card account numbers responsible for fraud losses roughly calculated to be more than $75 million. Agents also seized two pickup trucks, $10,000 cash, and a handgun in connection with the case.
Six people arrested in Florida allegedly had bought $8 million worth of Wal-Mart gift cards using stolen TJX data
This was the second high-profile bust related to the TJX breach. In March, the Gainesville Police Department and Florida Department of Law Enforcement caught six people with fake credit cards, created using stolen TJX data, who had bought $8 million worth of gift cards at Wal-Mart and Sam's Club stores in 50 of Florida's 67 counties. Police charged Irving Escobar, 18; Reinier Camaraza Alvarez, 27; Julio Oscar Alberti, 33; Dianelly Hernandez, 19; Nair Zuleima Alvarez, 40; and Zenia Mercedes Llorente, 23, with an organized scheme to defraud, a first-degree felony. Police issued additional warrants at the time, hoping to catch others involved in the fraud ring.
The alleged fraudsters were exposed when Wal-Mart employees became suspicious of certain shoppers who were using multiple gift cards--many of them worth $400--to pay for their purchases. The $400 denomination was significant because gift cards valued at $500 or more require the customer to provide some form of identification.
The arrests were made after police analyzed transaction records and video footage of the alleged perpetrators, who were buying large quantities of computers, gaming devices, and big-screen televisions.
Additional evidence suggests that TJX's exposure to fraud is likely worse than these two high-profile cases indicate. In January, Visa's director of fraud control e-mailed financial institutions that the data theft involved millions of card accounts across all major payment brands accepted by TJX. The e-mail also stated that 77% of the fraudulent transactions using stolen TJX customer information took place in the United States, particularly in California, Florida, Illinois, New York, and Texas.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.