Eleven charged with huge identity theft

Suspects allegedly hacked unprotected wireless connections to obtain card numbers

Identity fraud costs the US $1.8bn (£920m) a year

Eleven people in the US have been charged in one of the largest identity theft cases of all time.

The suspects allegedly hacked unprotected wireless connections to obtain card numbers, account information and password details.

Three people from the US, three from the Ukraine, two from China, one from Estonia and one from Belarus were charged. An 11th defendant was not identified.

They then stored the information on servers in Europe and the US, and used it to buy goods from a number of different retailers.

Those affected were TJX Corporation, BJ's Wholesale Club, Barnes and Noble, Sports Authority, Boston Market, Office Max, Dave and Busters, DSW shoe stores and Forever 21.

TJX, which owns the Marshall's and TJ Maxx chains in the US, was the hardest hit, as data from 45.7 million credit cards was stolen from its system.

The Federal Trade Commission estimates identity fraud costs the $1.8bn (£920m) a year.

Bruce Schneier, BT’s chief security technology officer, was warning about the threats of ID fraud back in 2005. He said: "The real crime here is fraud; more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise of information-based credentials gives it a modern spin. As more information about us is collected, correlated, and sold, it becomes easier for criminals to get their hands on the data they need to commit fraud. It doesn't take much personal information to apply for a credit card in someone else's name. It doesn't take much to submit fraudulent bank transactions in someone else's name.

And in some countries it’s surprisingly easy to get an identification card in someone else's name. Our current culture, where identity is verified simply and sloppily, makes it easier for a criminal to impersonate his victim. We need to make the entity that is in the best position to mitigate the risk to be responsible for that risk.

"That means making the financial institutions and companies who hold the data liable for fraudulent transactions – this will result in a lot more prosecutions and a much safer environment. These prosecutions in the US are just the tip of the iceberg and more needs to be done."