Feds Say 5 Hackers Stole 160 Million Credit Card Numbers

Thinkstock, Imagebank
Federal prosecutors charged five men Thursday with stealing 160 million credit card numbers over the course of seven years, in what is being called the largest data theft case ever prosecuted in the U.S.

Paul Fishman, the U.S. attorney in New Jersey, said that hackers from Russia and Ukraine participated in a "worldwide scheme that targeted major corporate networks, stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses," reports Bloomberg Law.

Their collaborator in the far-reaching scheme was Albert Gonzalez, a hacker currently serving 20 years in federal prison for stealing credit card numbers from retailers including 7-Eleven and OfficeMax (OMX).

Sponsored Links
The stolen payment data was encoded onto magnetic strips and used to make purchases at merchants and withdraw money from ATMs. Reuters reports that corporate victims of the scheme include Visa (V), NASDAQ, J.C. Penney (JCP) and JetBlue (JBLU), and the U.S. attorney said that just three of the victimized companies account for $300 million in losses.

Federal law severely limits consumers' liability in cases of credit or debit card fraud, so such data breaches ultimately have the greatest impact on financial institutions. That doesn't mean they can't be a tremendous headache for cardholders, though -- especially those who don't notice the fraudulent charges right away.

And this case is yet another reminder that even the most careful consumers can become victimized by identity theft and financial fraud if the companies they do business with are breached. As such, it's important to take proactive steps to protect yourself, including monitoring your accounts carefully, setting up account alerts for unusual activity and signing up for an identity theft protection service.

Matt Brownell is the consumer and retail reporter for DailyFinance. You can reach him at Matt.Brownell@teamaol.com, and follow him on Twitter at @Brownellorama.

Seven Ways to Protect Your Identity

Seven Ways to Protect Your Identity
See Gallery
Feds Say 5 Hackers Stole 160 Million Credit Card Numbers
Identity theft typically surges during the holidays as shoppers slap down their plastic more often in stores and make more purchases online.

Perhaps the worst part about identity theft is that victims often don't know what's happened until substantial damage to their credit score or their savings has been done. Here are seven ways to prevent identity theft from ruining your holidays.
Read the Article
Just like semi-annual teeth cleanings, consumers should make a point to check their credit score on a regular basis.

You can get a free credit report every 12 months from each of the major credit bureaus, Equifax, Experian and TransUnion. To request a report, go to annualcreditreport.com. Look for any questionable accounts like a credit card or a car loan that you never signed up for and contact the credit bureaus immediately to report them.
Consumers should be just as vigilant about combing through their monthly credit-card statements. Besides confirming that you weren't accidentally charged twice for a purchase, pay close attention to small credit-card charges. Identity thieves will often charge a very small amount, like $1, to verify that the credit card works.

Ask the credit cards' customer service department to set up an alert to notify you of suspicious charges in the future. These alerts are typically free.
For online shoppers, some credit-card issuers offer single-use credit-card numbers that only work for one online transaction.

MasterCard also offers SecureCode, which prompts credit-card holders to input a code -- just like a PIN -- that's only known by the user and the issuer to finalize a purchase at participating retailers.
Using the web to do your holiday shopping is fast and convenient -- but it's also a prime opportunity for identity thieves to hack into your personal information. To protect against such online nuisances, install the latest virus protection software, and put a firewall in place for computers with a high-speed Internet connection.

Another simple security measure: Before clicking the "Buy Now" button, make sure the URL of the web site you're shopping on begins with "https://" and there's a locked padlock on the page.
A thief who steals a debit card can wipe out an entire bank account -- and the victim will have little to no way of retrieving that cash.

Credit cards, on the other hand, have certain consumer protections in place. Most credit-card issuers, for example, won't hold the consumer liable for charges made while the credit card was stolen, says Jay Foley, executive director of the Identity Theft Resource Center.
Think twice before taking a phone call with someone claiming to be your lender or a possible employer. It could easily be an identity thief trying to gain access to your personal information.

The only time a consumer should give any of their personal information is if they're contacting the lender. Should you receive a call, ask the caller for his or her name, title, department and phone number. Then call the company's general phone number and ask if the person works there and if their statements about your account are valid.
While identity thieves may be more tech-savvy than they used to be, the old-fashioned method of gathering personal information -- sorting through a stranger's garbage - hasn't entirely gone out of vogue.

To prevent your trash from divulging your identity, start shredding anything with your name, address, account number and birth date. That includes credit-card applications, blank checks, bills and any other documents with personal information.
Read Full Story