List of businesses targeted from 2005 to 2012 by an international hacking ring that stole more than 160 million credit and debit card numbers, according to an indictment announced Thursday in Newark, N.J. The government did not provide figures in each case of the number of card numbers stolen, or of the estimated losses. It also said not all of the breaches of corporate computer networks resulted in financial losses.
- 7-Eleven Inc., based in Dallas. Starting in 2007, malware placed on its network, resulting in the theft of an undetermined number of credit and debit card numbers.
- Carrefour S.A., French multinational retailer. Starting in 2007, computer networks breached, about 2 million credit card numbers were covertly removed.
- Commidea Ltd., European provider of electronic payment processing for retailers. In 2008, malware used in other attacks found on its networks; about 30 million card numbers covertly removed.
- Dexia Bank Belgium. In 2008 and 2009, malware placed on its network, with theft of card numbers resulting in about $1.7 million in losses.
- Discover Financial Services Inc., issuer of Discover Card and owner of Diners Club charge card network. In 2011, malware placed on network of Diners Singapore, exposing more than 500,000 Diners credit cards and causing losses of about $312,000.
- Dow Jones Inc., publisher of news, business and financial information. In or before 2009, malware placed on network, about 10,000 sets of log-in credentials stolen.
- Euronet, based in Leawood, Kan., global provider of electronic payment processing. In 2010 and 2011, malware placed on its network, resulting in theft of about 2 million card numbers.
- Global Payment Systems, based in Atlanta, one of world’s largest electronic transaction processing companies. In 2011-12, malware placed on its payment processing system; more than 950,000 card numbers stolen, losses of nearly $93 million.
- Hannaford Brothers Co., supermarket chain operating in northeastern U.S. In 2007, malware placed on network of related company, resulting in theft of about 4.2 million card numbers.
- Heartland Payment Systems Inc., based in Princeton, N.J., one of world’s largest credit and debit card payment processing companies. Starting in 2007, malware placed on its payment processing system, resulting in theft of more than 130 million card numbers, losses of about $200 million.
- Ingenicard US Inc., based in Miami, provider of international electronic cash cards. In 2012, malware placed on its network resulted in theft of cards used to withdraw more than $9 million within 24 hours.
- J.C. Penney Co., based in Plano, Texas. Starting in 2007, malware placed on its network.
- JetBlue Airways, based in Long Island City, N.Y. Starting in 2008, malware placed on portions of computer network that stored employee data.
- Leading Abu Dhabi bank, identified only as “Bank A.” In 2010-11, malware placed on computer networks, facilitating theft of card numbers.
- Nasdaq, the largest U.S. electronic stock exchange, which offers its customers online access to their accounts. Starting in 2007, malicious software, or malware, was placed on its computer network, resulting in the theft of log-in credentials. Prosecutors said its trading platform was not affected.
- Visa Inc., manager of the Visa brand, providing payment processing services through a centralized network. In 2011, malware placed on network, about 800,000 card numbers stolen.
- Wet Seal Inc., retailer based in Foothill Ranch, Calif. In 2008, malware placed on network.
Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.