Nate Anderson (ars technica) wrote an interesting article about this, where he said:
One American in Virginia, who goes by the Internet nick "John Dillinger," agreed to cooperate with "vendors" from Eastern Europe. These groups "acquired" credit card numbers, then sent them by e-mail and instant message to Dillinger, who then encoded them onto credit cards. He then took these credit cards to ATMs and made cash withdrawals; a percentage of the money was then sent back to the "vendor" and Dillinger kept the rest. Dillinger was eventually busted by the feds, though, and was sentenced in February 2007 to 94 months in jail.This is a good example of how the Internet is enabling a global identity theft crisis.
Apparently, the problem is big enough for the FBI to send assets to Romania and Russia to go after the problem.
Of course, since most of the stolen information comes from the West, I guess that it means the Russians and Romanians are sending assets abroad or recruiting them there, also.
Nate's article, here.
In the past few days, 6 arrests in Florida are being tied into the TJX data breach (which might be the largest known compromise) to date.
Although, no one seems to be saying for sure, I doubt the six arrested are the main players in the TJX breach. They probably purchased the information, elsewhere.
The total damage being reported in the Florida case is $8 million. The case was identified when the perps made some (extremely) large gift card purchases.
Maybe that's why they got caught, or they got (slightly) greedy?
IT also probably isn't entirely fair to keep publishing the TJX breach. Personal and financial details have been stolen from a LOT of places. The known places can be viewed at attrition.org, here.
This is a global problem and it's going to take a global effort to put a stop to it!