WASHINGTON – Four Romanian nationals were charged in an indictment unsealed yesterday in federal court for their alleged participation in an international multimillion dollar scheme to remotely hack into and steal payment card data from hundreds of U.S. merchants’ point of sale computer systems, announced Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division, U.S. Attorney John P. Kacavas of the District of New Hampshire and Special Agent In Charge Steven Ricciardi of the U.S. Secret Service, Boston Field Office.
Adrian-Tiberiu Oprea, 27, of Constanta, Romania; Iulian Dolan, 27, of Craiova, Romania; Cezar Iulian Butu, 26, of Ploiesti, Romania; and Florin Radu, 23, of Rimnicu Vilcea, Romania, were charged in a four-count indictment filed in the District of New Hampshire with conspiracy to commit computer fraud, wire fraud and access device fraud. Oprea was arrested last week in Romania and is currently in custody there. Dolan and Butu were arrested upon their entry into the United States on Aug. 13 and Aug. 14, 2011, respectively, and remain in United States custody. Radu remains at large.
According to the indictment, from approximately 2008 until May 2011, Oprea, Dolan, Butu and Radu conspired to remotely hack into more than 200 U.S.-based merchants’ point-of-sale (POS) or “checkout” computer systems in order to steal customers’ credit, debit and gift card numbers and associated data (collectively referred to as “credit card data”). A POS system allows merchants to process customer purchases, including those made using credit, debit and gift cards, and typically includes a computer, monitor, integrated credit card processing system, signature capture device and a customer pin pad device. Merchant victims include more than 150 Subway restaurant franchises (which is less than 1 percent of all Subway restaurants), located throughout the United States, including in the District of New Hampshire, as well as more than 50 other identified retailers. According to the indictment, members of the conspiracy have compromised the credit card data of more than 80,000 customers, and millions of dollars of unauthorized purchases have been made using the compromised data.
If convicted, the defendants face a maximum of five years in prison for each count of conspiracy to commit computer related fraud, 30 years in prison for each count of conspiracy to commit wire fraud and five years in prison for each count of conspiracy to commit access device fraud. They also face fines up to twice the amount of the fraud loss and restitution.
The case was investigated by the U.S. Secret Service and is being prosecuted by Assistant U.S. Attorney Arnold H. Huftalen of the District of New Hampshire and Trial Attorney Mona Sedky of the Computer Crime and Intellectual Property Section in the Justice Department’s Criminal Division. The Office of International Affairs in the Justice Department’s Criminal Division provided assistance. Subway Headquarters assisted in the investigation.
The details contained in the indictment are allegations. The defendants are presumed to be innocent unless and until proven guilty beyond a reasonable doubt in a court of law.