Inform banks and credit card companies about the theft

Federal authorities filed conspiracy, computer fraud, aggravated identity theft and other charges against 11 people on Tuesday, August 5, in connection with the theft and sale of credit and debit card numbers running to over 40 million records.

The U.S. Attorney General called this the “single largest and most complex identity theft case” ever to have been brought to court in the United States.

The 11 people indicted formed a criminal ring that operated in the United States, Estonia, Ukraine, Belarus, and China. The international character of the operation only highlights the global scope of cyber crimes.

The thefts associated with the criminal ring started by first hitting BJ’s Wholesale Club in 2003 and continued through 2008. The operation remained low key until February 2007 with the discovery of the largest heist they had perpetrated: the data breach involving at least 45 million credit and debit cards from customers of T.J. Maxx.

Over the years, the accused had hacked the computer systems of T.J. Maxx, Marshalls, Barnes & Noble, BJ’s Wholesale Club, Sports Authority, Office Max, Boston Market, Forever 21, and DSW.

It took three years of undercover investigation to prove that all the isolated incidents were in fact linked to one criminal ring. Several agencies of government were involved: the U.S. Justice Department, including the U.S. attorneys’ offices for various districts in Massachusetts, California and New York; the U.S. Secret Service and the Internal Revenue Service.

This also highlights the increasing need for collaboration between various agencies and groups to combat the growing threat of computer fraud.

The director of the U.S. Secret Service called the identity-theft ring “the largest and most sophisticated” ever apprehended and prosecuted by the Justice Department.

The next question is — how many identity theft rings are still lurking out there?

Safety Tips:

* Use a secure mailbox (not freestanding) and limit access to your mail carrier and yourself.

* Avoid carrying your Social Security card around; keep it in a safe place instead. Memorize the number or write it innocuously on a small sheet of paper.

* Request your credit card issuer and bank to set up a code word to your accounts. Make your password unusual and unpredictable (never your mother’s maiden name).

* If your identity has been stolen, make a report to the police. Insist on getting an official police report because you need this document.

* Inform the banks and credit card companies about the theft. Have your credit cards cancelled and replaced with new ones (with passwords). Close the bank accounts and replace with new accounts.

* When a fraudulent account gets entered into your credit report, write the creditor and send the letter by certified mail.  Include a copy of the police report and your affidavit (containing your statement about the account being fraudulent and witnessed by a notary). Request the creditor to reverse the fraudulent entry, amend your record, and send you a letter of confirmation.

* If the theft occurred in the mail, file a complaint with the U.S. postal inspector, which handles mail fraud investigations.