The U.S. Department of Justice has brought federal charges against three people who have been accused of being the masterminds behind a cyber fraud ring in connection to a case that involves a billion stolen email addresses, Reuters reported.
The charges include two Vietnamese citizens and one Canadian, who the Feds say sent spam emails that offered fake software products, which in turn led to the hacking of the email accounts. According to Reuters, the Justice Department called this "one of the largest data breaches in the U.S. history." Although the department released details of the charges, the companies in the attack were not named.
Those indicted in the case are: Viet Quoc Nguyen, 28, and Giang Hoang Vu, 25, of Vietnam, who the government said stole "email addresses to identify tens of millions of people who they targeted in a spam campaign." Vu was brought to the U.S. last year and plead guilty last week, Reuters reported, and Nguyen has not been found yet. The 33-year-old Canadian, David-Manuel Santos Da Silva, was charged with conspiracy to commit money laundering, according to the report, which said he was arrested last month and is set for arraignment this week.
According to Brian Krebs on Krebs on Security, Epsilon — part of Alliance Data System Corporation — was one of the data breach victims, which he confirmed in his report via a statement from Epsilon.
“Epsilon confirms that it is among the victims of the cybercrime referenced in the Department of Justice’s indictment unsealed on March 5 against three individuals for their roles in hacking email service providers throughout the United States," the statement said. "We are pleased with the outcome of the investigation carried out by the U. S. Secret Service and the resulting indictment by the Department of Justice, and thank them for bringing this criminal activity to prosecution. Data protection is, and always has been, the top priority at Epsilon, and businesses and law enforcement must work together to prevent this type of criminal activity.”
Krebs reported that federal prosecutors said that the defendants "made more than $2 million blasting out spam to more than 1 billion email addresses stolen from several email service providers," and managed to hack the email servers used by the email service providers to perpetrate fraudulent services.