First arrests made in Heartland data breach case

Three men have been arrested in Tallahasee, Fla., in connection with the Heartland Payment Systems data breach, authorities said.

The men, Tony Acreus, Jeremy Frazier and Timothy Johns, each were charged with multiple counts of credit card fraud, police said. The arrests were part of a larger investigation into the breach, possibly the largest of all time, which was first disclosed in January.

“The investigation is ongoing, and we expect that it will likely produce additional charges and additional arrests -- possibly throughout Florida or even nationwide,” Sgt. Tony Drzewiecki, spokesman for the Leon County, Fla, Sheriff's Office, told SCMagazineUS.com on Friday.

The men lived in Tallahassee, but they have ties to other parts of the state.

“There is no evidence that they were the masterminds of this breach,” Drzewiecki said. “All that we were able to connect is that the credit card numbers were stolen in the hijacking of the records from the Heartland processing center.”

The suspects were running a sophisticated criminal enterprise, according to police. Law enforcement organizations, which included the U.S Secret Service, are looking into how the men were able to obtain the data.

“Part of the investigation,” said Drzewiecki, “is how did they get hold of those numbers?'”

Heartland has yet to disclose how many victims may have had their credit or debit card numbers exposed in the heist, which involved hackers using sophisticated data-sniffing malware. The nonprofit Open Security Foundation, a data breach clearinghouse, said 101 banks have been affected by the breach, meaning these institutions have had to reissue cards.