Ring responsible for TJX mega-breach, eight others, busted

Federal authorities have busted the criminal ring responsible for the largest hacking and identity theft case in history.

On Tuesday, authorities charged 11 people with stealing more than 40 million credit and debit card numbers from Framingham, Mass.-based TJX and eight other retailers. These included some of the largest reported hacks of all time, including BJ's Wholesale Club and DSW.

The U.S. Attorney's Office in Boston said that the ring was led by Albert Gonzalez of Miami. That is the same city where officials believe the TJX heist began, when hackers broke into the insecure wireless connections at two Marshalls locations.

Gonzalez' gang included people from the United States, Ukraine, China, Estonia and Belarus. They hacked into retailers' wireless networks, and once inside, installed “sniffer” programs to capture unencrypted card numbers and passwords.

The indictment alleges that after they collected the data, the conspirators concealed data on servers they controlled in Eastern Europe and the United States. Then they sold the credit and debit card numbers on the internet. The stolen numbers were encoded onto the magnetic strips of counterfeit blank cards and used to withdraw tens of thousands of dollars from ATMs.

The gang was further able to conceal and launder the proceeds by using anonymous internet-based currencies in the United States and abroad, and by channeling funds through bank accounts in Eastern Europe, authorities said.

According to the indictment, members of the gang were also involved in a sophisticated scheme to hack into computer networks run by the Dave & Buster's restaurant chain, from which they stole credit and debit card numbers at 11 locations.

Because of the size and scope of the criminal activity, Gonzalez faces a maximum penalty of life in prison if convicted of all the charges.