Two plead guilty in data security breach

Two Los Angeles area men plead guilty to using devices to bilk debit and credit card data from Stop & Shop supermarkets in Massachusetts and Rhode Island.

Two men have plead guilty and a third man is expected to plead guilty to stealing credit and debit card data using devices at Stop & Shop supermarket checkout counters. A case is pending against a fourth man in connection with the theft.

Arman Ter-Esayan and Gevork Baltadjian pleaded guilty to federal charges of aggravated identity theft and conspiracy to traffic in unauthorised access devices. A third suspect, Arutyun Shatarevyan has also agreed to plead guilty, according to an Associated Press report. The Rhode Island State Police published photos of the men allegedly entering the supermarket to retrieve the devices.

Data breaches, identity theft:

Data breach fears rise
One in three IT professionals fears a major data security breach – accidental or malicious – could put them out of business, research conducted by Datamonitor for security firm McAfee has found

Banks prepare lawsuit over TJX data breach
TJX will face a lawsuit from three banking associations as well as individual banks. The Massachusetts Bankers Association is inviting others to join the suit....

Credit card IT security chief calls for PCI DSS changes
Phil Mellinger, CISO of credit card processing giant First Data Corp. is calling for changes to the standards to speed adoption, ease restrictions and eliminate ambiguous language

The men face a maximum sentence of five years for the conspiracy charges and identity theft carries up to two years in prison.

Quincy, Massachusetts-based supermarket chain Stop & Shop acknowledged in February that thieves stole account and personal identification numbers from customers' credit and debit cards at two Rhode Island locations by tampering with checkout-lane computers.

Customer information was stolen from Stop & Shop stores in Coventry and in Cranston, and there's suspicion that stores in Bristol, Providence, Warwick, and Seekonk were affected, according to an announcement on its Web site. There's no evidence yet of fraudulent debit or credit card activity in connection with the security breach.

It is unclear how many customers were affected by the thefts and whether there has been any fraudulent activity connected to the stolen data.

Read more on IT risk management