SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Four Romanians Charged in Multimillion Dollar Point-of-Sale Hacking Scheme

Romanian Nationals Charged with Participating in Multimillion Dollar Scheme to Hack into and Steal Credit Card Data from U.S. Merchants

The Department of Justice announced today that four Romanian nationals have been charged for their alleged participation in a multimillion dollar scheme to hack into and steal payment card data from merchants’ point of sale (POS) systems in the U.S.

Romanian Nationals Charged with Participating in Multimillion Dollar Scheme to Hack into and Steal Credit Card Data from U.S. Merchants

The Department of Justice announced today that four Romanian nationals have been charged for their alleged participation in a multimillion dollar scheme to hack into and steal payment card data from merchants’ point of sale (POS) systems in the U.S.

According to the Department of Justice, Adrian-Tiberiu Oprea (27), Iulian Dolan (27), Cezar Iulian Butu (26), and Florin Radu (23), all from Romania, were charged in a four-count indictment with conspiracy to commit computer fraud, wire fraud and access device fraud.

Point of Sale Hackers ArrestedOprea was arrested last week in Romania and remains in custody there, while Dolan and Butu were arrested upon their arrival into the United States in August, and are currently in United States custody. Radu remains on the loose.

The indictment alleges that from sometime in 2008 until May 2011, Oprea, Dolan, Butu and Radu conspired to hack into more than 200 U.S.-based merchants’ point-of-sale systems in order to steal customers’ credit card data.

Victims of the attacks include more than 150 Subway restaurants across the United States, as well as more than 50 other identified retailers.

Related Reading: PCI DSS 2.0 Compliance Deadlines are Looming – Are you Ready?

Advertisement. Scroll to continue reading.

According to the indictment, the hackers compromised the credit card data of more than 80,000 customers, resulting in millions of dollars of unauthorized purchases using compromised card numbers.

The defendants face a maximum of five years in prison for each count of conspiracy to commit computer related fraud, 30 years in prison for each count of conspiracy to commit wire fraud and five years in prison for each count of conspiracy to commit access device fraud. They also face fines up to twice the amount of the fraud loss and restitution.

The case was investigated by the U.S. Secret Service and was assisted by The Office of International Affairs, part of the Justice Department’s Criminal Division. The DOJ said that Subway’s corporate headquarters assisted in the investigation as well.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Third-Party Risk in Practice
June 4, 2026

Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.

Register

Virtual Roundtable: CISO Forum 2026 Mid-Year Review
June 10, 2026

Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks.

Register

People on the Move

Opal Security has appointed CPO, CTO, VP of Field Engineering, VP of Marketing, and Head of Product and Solutions Marketing.

The Department of the Air Force has appointed Ashley Devoto as Chief Information Officer.

Bartley Richardson has been named Chief AI and Autonomous Systems Officer at CrowdStrike.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.