The Face Of Identity TheftThe Face Of Identity Theft
Stolen TJX data has surfaced in two cases in Florida.
August 11, 2007
While the culprit (or culprits) who stole 45.7 million customer records from TJX remains at large and unknown, law enforcement officials have arrested at least 10 people since the beginning of the year for their roles in using that stolen information to commit fraud.
In July, the U.S. Secret Service announced the arrest of four Floridians: Miguel Alegria, 46, of Hialeah; Raynier Pupo, 22, of Miami; Ariel Montero, 32, of Aventura; and Javier Padron-Bravo, 35, also from Aventura. They're charged with aggravated identity theft, counterfeit credit card trafficking, and conspiracy. The Secret Service was able to trace the origin of the data used by these alleged fraudsters back to the TJX theft, as well as to a separate data breach at Polo Ralph Lauren.
The south Florida arrests resulted in the recovery of about 200,000 stolen credit card account numbers responsible for fraud losses roughly calculated to be more than $75 million. Agents also seized two pickup trucks, $10,000 cash, and a handgun in connection with the case.
This was the second high-profile bust related to the TJX breach. In March, the Gainesville Police Department and Florida Department of Law Enforcement caught six people with fake credit cards, created using stolen TJX data, who had bought $8 million worth of gift cards at Wal-Mart and Sam's Club stores in 50 of Florida's 67 counties. Police charged Irving Escobar, 18; Reinier Camaraza Alvarez, 27; Julio Oscar Alberti, 33; Dianelly Hernandez, 19; Nair Zuleima Alvarez, 40; and Zenia Mercedes Llorente, 23, with an organized scheme to defraud, a first-degree felony. Police issued additional warrants at the time, hoping to catch others involved in the fraud ring.
The alleged fraudsters were exposed when Wal-Mart employees became suspicious of certain shoppers who were using multiple gift cards--many of them worth $400--to pay for their purchases. The $400 denomination was significant because gift cards valued at $500 or more require the customer to provide some form of identification.
The arrests were made after police analyzed transaction records and video footage of the alleged perpetrators, who were buying large quantities of computers, gaming devices, and big-screen televisions.
Additional evidence suggests that TJX's exposure to fraud is likely worse than these two high-profile cases indicate. In January, Visa's director of fraud control e-mailed financial institutions that the data theft involved millions of card accounts across all major payment brands accepted by TJX. The e-mail also stated that 77% of the fraudulent transactions using stolen TJX customer information took place in the United States, particularly in California, Florida, Illinois, New York, and Texas.
Photo by Sacha Lecca
Return to the story:
The TJX Effect
About the Author(s)
You May Also Like
The Era of generative AI-enabled Security
7 Steps to Build Quantum Resilience
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Acceleration
Top Six Recommendations to Improve User Productivity with a Hybrid Architecture
An Ultimate Guide to the CISSP