TJX stolen data used in Florida crime spree

Law enforcement officials in Florida have arrested six individuals suspected of carrying out a fraud scheme built around the misuse of credit card data stolen from retailer TJX Companies.

In partnership with the Gainesville Police Department, officials from the Florida Department of Law Enforcement said they have taken six of 10 suspects into custody for allegedly using the TJX customer data to purchase large quantities of gift cards from discount chains Wal-Mart and Sam's Club.

[Plus: Data leakage concerns run deep]

The series of arrests marks the first specific instance of crime to be connected to the TJX data heist, although some banks have previously reported that accounts held by consumers affected by the incident had been used in attempted fraud around the globe.

Florida Department of Law Enforcement officials confirmed that they initially reported the crime ring to Framingham, Mass.-based TJX in Nov. 2006. The retail chain began informing its customers about the data breach -- blamed on a computer systems intrusion -- in mid.-Jan. 2007.

TJX media representatives didn't immediately return call seeking comment on the arrests.

The suspects were reported by Florida law enforcement officials to have been traveling throughout the state buying large quantities of Wal-Mart gift cards with the stolen credit card accounts, and then redeeming the cards at other locations. Among the items purchased by the scammers were computers, gaming devices, and big-screen TVs.

Losses experienced by Wal-Mart and the banks issuing the credit cards total more than $8 million, and are still being calculated, according to Florida officials. The suspects arrested were charged with organized scheme to defraud, a first-degree felony, and had their bonds set at $1 million each.

Arrested and booked in Metro-Dade County for the crime spree were Irving Escobar, age 18; Reinier Camaraza Alvarez, 27; Julio Oscar Alberti, 33; Dianelly Hernandez, 19; Nair Zuleima Alvarez, 40; and Zenia Mercedes Llorente, 23.

The Florida Department of Law Enforcement said that it has also issued warrants for four other people believed to be involved in the scheme.

The timeline established by the Florida arrests could help to shed light on the factors that pushed TJX -- which operates a handful of North American and European retail chains including T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright -- to inform the public of its data breach.

On Jan. 17, TJX first reported that a computer systems intrusion may have compromised the personal data of an undetermined number of its customers, with hackers able to make off with individuals' credit card, debit card, and check information, along with data related to merchandise return transactions.

While the company has refused to reveal how many customers may be affected by the incident, TJX officials have confirmed that a majority of the data involved is related to people who shopped at its stores in the United States, Canada, and Puerto Rico during 2003, and between May and December 2006.