Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a dozen major American and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers. Indictments were announced today in Newark, where US Attorney Paul Fishman called the case the largest hacking and data breach scheme ever prosecuted in the United States. “The losses in this case are staggering,” he said. "This type of crime is really the cutting edge of financial fraud.”
New Jersey's Heartland Payment Systems, which processes credit and debit cards for small to mid-sized businesses, was identified as taking the biggest hit in a scheme starting in 2007—the theft of more than 130 million card numbers at a loss of about $200 million. Atlanta's Global Payment Systems, another major payment-processing company, had nearly 1 million card numbers stolen, with losses of nearly $93 million. Two of the five men were in custody, one in the US and one in the Netherlands. The individuals who purchased the credit and debit card numbers from the hacking organization resold them through online forums or directly to others known as "cashers," the indictment said. US credit card numbers sold for about $10 each; Canadian numbers were $15, and better-encrypted European ones $50.