A couple of days ago, a leader of an identity theft ring that used the stolen credit card numbers from TJX was sentenced to 5 years in prison and fined $600,000. Irving Escobar, the said leader who allegedly purchased at least $225,000 worth of electronic goods and jewelry using the stolen credit card numbers, pleaded guilty to charges of organized scheme to defraud after he was caught last March. Four others from his team were sentenced to probation last month.

It can be recalled that in December 2006, TJX, the parent company of TJ Maxx and other popular retail stores in the US and UK, experienced what was dubbed as the largest credit card heist in history, with around 45.7 million credit and debit card numbers reportedly stolen from their system. TJX and the banks issuing the credit cards suffered at least $8 million in losses as of March 2007.

TJX did not release detailed accounts on how their system was hacked, but reported that they discovered the breach when they found a suspicious software on their computer systems. Further investigation revealed that files carrying credit card, debit card, check and unreceipted merchandise return transactions had been accessed illegally since July 2005.

Escobar’s guilty plea and subsequent sentencing had been a sliver of light after months of investigation. However, while he was caught using the stolen information, one can point out that it does not necessary follow that he was also the one who actually hacked the TJX systems.

“The actual data theft, as you know, happened months (actually more than a year) prior to the initial TJX theft(s), so [Escobar and team] obtained these stolen card numbers in an underground ‘carding’ forums,” explains Trend Micro Network Architect Paul Ferguson. “This is just an example of the vast criminal underground economy in buying and selling credit card (and other financial) information”. Given this, one might not even exactly pinpoint who the instigator was. At least not yet.

Whatever the case, this news is another battle won by the good guys. The war still rages on of course, but that doesn’t mean we’re letting up soon.