Connect with us

Hi, what are you looking for?


Application Security

U.S. Charges 22 in Stolen Payment Cards Crackdown

The U.S. Justice Department this week announced indictments against 22 individuals who allegedly purchased and used payment cards stolen from a national retail chain.

The U.S. Justice Department this week announced indictments against 22 individuals who allegedly purchased and used payment cards stolen from a national retail chain.

Using point-of-sale malware installed at multiple retail locations of the target company, threat actors stole information of over three million payment cards, including credit, debit, and gift cards used at over 400 of the company’s retail stores.

According to the indictment, the co-conspirators then sold the hijacked data for $4 million in Bitcoin to an individual who sold it to thousands of other people, including the 22 now facing charges by the U.S. Department of Justice.

Twenty of the defendants have been arrested while the other two remain are large, likely abroad, the authorities said.

The 22 individuals are charged with using the payment card information to make various purchases, including at gas stations, hotels, and restaurants.

The indictment alleges that one of the defendants purchased more than 13,000 payment cards stolen from the retail chain, while another purchased more than 6,000 such cards. Others purchased between 2,000 and 4,000 payment cards. 

According to the Justice Department, each defendant faces up to 20 years in federal prison for charges of wire fraud and a two-year mandatory, consecutive prison sentence for aggravated identity theft.

Advertisement. Scroll to continue reading.

Related: US Charges Swiss ‘Hacktivist’ for Data Theft and Leaks

Related: U.S. Charges North Korean Hackers Over $1.3B Bank Heists

Related: US Indicts Head of Alleged Crime Chat Comms Service

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...