J.C. Penney, 7-Eleven among companies targeted in massive hacking scheme

New York -- Five individuals have been charged with running a sophisticated, worldwide hacking organization that the U.S. Department of Justice called the largest hacking and data breach scheme ever prosecuted in the United States. The victims in the scheme included such retailers as J.C. Penney, 7-Eleven Inc., Carrefour and Hannaford Brothers Co.

A federal indictment made public Thursday in New Jersey charges five men — four Russian nationals and a Ukrainian — in the scheme that, over the course of seven years, targeted major corporate networks and stole more than 160 million credit-card numbers. All five are charged with taking part in a computer hacking conspiracy and conspiracy to commit wire fraud. The four Russian nationals are also charged with multiple counts of unauthorized computer access and wire fraud.

Other companies that were victimized included electronic stock exchange Nasdaq, JetBlue, Heartland Payment Systems Inc. and the Belgium bank Dexia Bank Belgium.

The individuals who purchased the credit and debit card numbers and associated data from the hacking organization resold them through online forums or directly to others known as “cashers,” according to the indictment, with U.S. credit card numbers selling for about $10 each; Canadian numbers were $15 and European ones $50.

The data was stored on computer servers all over the world, including in New Jersey, Pennsylvania, California, Illinois, Latvia, the Netherlands, Bahamas, Ukraine, Panama and Germany, the Associated Press said.

The cashers would encode the information onto the magnetic strips of blank plastic cards and cash out the value, by either withdrawing money from ATMs in the case of debit cards, or running up charges and purchasing goods in the case of credit cards.