WASHINGTON/BOSTON, (Reuters) – Two Vietnamese citizens and a Canadian have been charged with running a massive cyberfraud ring that stole 1 billion email addresses, then sent spam offering knockoff software products, the U.S. Department of Justice said yesterday.
The Justice Department described the hacking spree as “one of the largest” data breaches uncovered in U.S. history. It declined to name the email companies that were victimized, though it appeared that the breaches included a massive 2011 attack on email marketing firm Epsilon.
Security blogger Brian Krebs reported that Epsilon, a unit of Alliance Data Systems Corp, was among the victims. That high-profile 2011 attack was followed by a wave of customer notifications from Epsilon clients, including Citigroup Inc and JPMorgan Chase & Co. (http://reut.rs/1En1udF)
Krebs noted that the government’s press release said the data breach “was the subject of a congressional inquiry and testimony before a U.S House of Representatives subcommittee on June 2, 2011.” The House Energy and Commerce Committee held a hearing on that data about breaches at Sony Corp <6758.T) and Epsilon, according to Krebs. (http://bit.ly/1wbKVi7)
Epsilon representatives could not be reached. Viet Quoc Nguyen, 28, is charged with hacking at least eight email service providers between February 2009 and June 2012.
The government alleges that Nguyen and Giang Hoang Vu, 25, both Vietnamese citizens, used the stolen email addresses to identify tens of millions of people who they targeted in a spam campaign.
The spam emails directed recipients to websites selling software that was falsely branded as Adobe Systems Inc’s .
