The Leon County, FL. Sheriff's office arrested area residents Tony Acreus, Jeremy Frazier and Timothy Johns, who had allegedly used stolen credit card numbers since November, according to Sgt. Tony Drzewiecki, spokesman for the sheriff's office.
According to the Tallahassee, FL. Democrat, the suspects were running "a very sophisticated and complex criminal enterprise." Law enforcement is investigating how the three men were able to obtain credit card numbers from the Heartland breach, which was first announced on January 20.
Meanwhile, in just over a week, the number of financial institutions that have come forward to say they have been contacted by their credit card companies Visa and MasterCard in relation to the breach has jumped from fewer than 50 to more than 200.
As part of its ongoing coverage of the case, BankInfoSecurity.com on Thursday asked institutions to contact the site if they had been affected by the Heartland breach and didn't appear on the latest list of impacted institutions. More than 60 came forward, and institutions continue to identify themselves today. Some of these institutions have reported fraudulent use of the stolen card numbers. One bank in Arkansas said nearly 70 customer cards were counterfeited and used to make charges in Texas, Florida, and Louisiana beginning in mid December. Another institution in Maine reported fraud from stolen card numbers was nearly $70,000.
Heartland, the sixth-largest payments processor in the U.S., says that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud. While Heartland and the credit card companies remain tight-lipped about the total number of institutions and card account numbers involved, Heartland has said that, at the time of the breach, it processed an average of 100 million transactions per month for more than 250,000 different retailers and merchants.
If your institution has been affected in the Heartland breach and you are not on this list, please send an email to firstname.lastname@example.org. Include your name, email, and a phone number where you may be contacted for verification.