Eleven people were charged today (Wednesday) in the US with crimes including conspiracy, computer intrusion, fraud and identity theft.
A federal grand jury heard in Boston that the accused had hacked into the systems belonging to nine major US retailers.
They are alleged to have used a technique known a ‘wardriving' whereby they drove around the suburbs of Miami and San Diego with laptops, scanning for security holes in wireless internet networks of banks and shops.
Sniffer programmes were used to obtain card numbers, personal information and passwords, which were either allegedly used by the accused, or sold on the black market.
The US Attorney explained that the card details were used on blank cards that had their magnetic strips suitably altered to contain fraudulently acquired details. Thousands of dollars were withdrawn from ATMs with these cards, it was claimed.
The thefts are said to have begun in 2003 but remained undiscovered until February last year, when TJX, which trades in the UK as TK Maxx, reported that the data on 45.7 million debit and credit cards from the UK, US and Canada had been breached.
The retailers affected are TJX Corporation, BJ's Wholesale Club, Barnes and Noble, Sports Authority, Boston Market, Office Max, Dave and Busters, DSW shoe stores and Forever 21.
Three of the accused are from the US. The remainder are from Estonia, Ukraine, China and Belarus.