A Florida man, the
ringleader of a group that used financial information stolen from TJX customers
for fraudulent purchases, was sentenced this week to five years in prison and
ordered to pay $600,000 in restitution.
Escobar, 19, of Miami,
pleaded guilty to charges that he used
fake credit cards layered with information stolen in the notorious data breach
to buy approximately $3 million in goods and gift cards.
was one of six people arrested in March for participating in the credit card
fraud ring. The group was accused of traveling around Florida purchasing large amounts of gift
cards – mostly at Wal-Mart and Sam's Club stores – with the stolen information.
arrests were the result of a joint investigation conducted by the Gainesville
(Fla.) Police Department and the Florida Department of Law Enforcement.
Dianelly Hernandez, Julio Alberti, Reinier Alvarez, and Zenia Llorente pleaded
guilty in August and were sentenced to probation, according to Florida Attorney
General Bill McCollum. Nair Alvarez, Escobar's mother, also pleaded guilty and
was deported to Venezuela.
Monahan, a partner with Javelin Strategy and Research, told SCMagazineUS.com
today that she hopes Escobar's sentencing will be followed by the arrests of the
individuals responsible for the breach itself.
a good sentence. He's the ringleader for the group down in Florida, and everyone else got probation," she said. “The thing is that he's actually a small fish. He's 19 years old, and
somebody supplied him with those credit card numbers, and hopefully they can
get that person.
spokesperson could not immediately be reached for comment.
enforcement authorities said last month they were hopeful that the arrest
of Ukrainian national Maksym Yastremskiy, 24, would lead them to the hackers
responsible for the TJX breach that compromised the credit card information of
about 45 million people.
was trafficking more than a million credit card numbers and likely had close
ties to the intruders, Greg Crabb, an agent with the U.S. Postal Inspection
Service's global investigations unit, said last month. Yastremskiy is believed
to have sold the credit card numbers for between $20 and $100 a piece.
analyst Avivah Litan told SCMagazineUS.com last month that law enforcement
authorities have told her the intruders are difficult to apprehend because they
are based overseas.
TJX breach was the result of a scheme that began in 2005 when intruders used a
“telephone-shaped antenna” and laptop to decode data moving among Marshalls store scanning
devices, cash registers and PCs that were using wireless LAN connectivity,
according to numerous published reports. The hackers may have ciphered data for
up to two years.
the parent company of TJ Maxx, Marshalls and other discount retailers, has
begun to feel the financial ramifications of the breach. The Framingham,
Mass.-based chain's second quarter income fell sharply this year, from $138
million during its second quarter in 2006 to $59 million in the same period this year. The freefall has been
attributed to an after-tax second-quarter charge of $118 million related to the
That amount is comprised of $11 million for costs incurred during the
quarter and $107 million in reserve funds to be used in the future for
“probable losses,” according to Securities and Exchange Commission filings.