The U.S. Justice Department declared indictments against 22 individuals who allegedly purchasing and using credit, debit, and gift cards that were stolen in a cyberattack from a National Retain Chain.
Followed by the indictment unsealed, the cyberattack occurred in 2016 and 2017 when an individual installed a malicious software program on multiple computers of the retail chain, which is headquartered in Chicago.
The malware allowed the co-schemer to capture data from more than three million payment cards, including credit cards, debit cards, and gift cards, that had been used at more than 400 of the company’s retail stores.
Subsequently, the co-schemer sold the card data for $4 million in bitcoin to another individual, who in turn sold it online to thousands of others, including the 22 charged defendants, the indictment states.
The defendants used data from the cards to purchase items at businesses throughout the country, including restaurants, gas stations, and hotels, the charges allege. At least 80 people were victimized by the defendants’ conduct, the indictment states.
The indictment claims that one of the defendants purchased more than 13,000 payment cards stolen from the retail chain, while another purchased more than 6,000 such cards. Others purchased between 2,000 and 4,000 payment cards.
The 22 individuals are charged for using the payment card information to make various purchases, including at gas stations, hotels, and restaurants.
The authorities said, “Twenty defendants were arrested this month and have begun making initial appearances in federal courts throughout the country”.
“Two defendants remain at large and are believed to be residing overseas. The investigation remains ongoing”. According to the Justice Department, each defendant faces up to 20 years in federal prison for charges of wire fraud and a two-year mandatory, consecutive prison sentence for aggravated identity theft.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read
Texas Man Charged With Intent of Planning to Kill 70% of the Internet
A critical vulnerability in the GNU C Library (glibc), potentially exposing millions of Linux systems…
Delegated Managed Service Accounts (dMSAs), introduced in Windows Server 2025, represent Microsoft's latest innovation in…
A critical vulnerability in Microsoft's Remote Desktop Gateway (RD Gateway) that could allow attackers to…
A new information-stealing malware dubbed "PupkinStealer" has been identified by cybersecurity researchers, targeting sensitive user…
The cybersecurity landscape in 2025 is defined by increasingly sophisticated malware threats, with attackers leveraging…
As artificial intelligence transforms industries and enhances human capabilities, the need for strong AI security…