Account information stolen during the Target security breach is now being divided up and sold off regionally, a South Texas police chief said Monday following the arrest of two Mexican citizens who authorities say arrived at the border with 96 fraudulent credit cards.
McAllen Police Chief Victor Rodriguez said Mary Carmen Garcia, 27, and Daniel Guardiola Dominguez, 28, both of Monterrey, Mexico, used cards containing the account information of South Texas residents. Rodriguez said they were used to buy tens of thousands of dollars’ worth of merchandise at national retailers in the area including Best Buy, Wal-Mart and Toys R Us.
“They’re obviously selling the data sets by region,” Rodriguez said.
Garcia and Guardiola were both being held Monday on state fraud charges. It was not immediately known whether they had retained lawyers.
The local police began working with the U.S. Secret Service after a number of area retailers were hit with fraudulent purchases on Jan. 12. The Secret Service confirmed that the fraudulent accounts traced back to the original Target data breach from late last year. Investigators fanned out to McAllen-area merchants and reviewed “miles of video” looking for the fraudsters, Rodriguez said. From that, they were able to identify two people and a car with Mexican license plates.
With the help of U.S. Immigration and Customs Enforcement, investigators confirmed the identities of their suspects from immigration records of when they had entered Texas in the same vehicle. Police prepared arrest warrants last week and waited for them to return.
On Sunday morning, federal officials alerted police that their two suspects were at the Anzalduas International Bridge trying to re-enter the U.S. They were carrying 96 fraudulent cards, Rodriguez said. He did not know whether they were the first arrests related to the Target data breach.
Investigators believe the two were involved in both the acquisition of the fraudulent account data and the production of the cards, but only part of what must have been a much broader conspiracy. Rodriguez said investigators suspect Garcia and Guardiola were singling out Sundays for their shopping sprees hoping that the banks would not be as quick to detect the fraud.
With the amount of electronics and other merchandise purchased on Jan. 12, Rodriguez said the two would have needed an “army” to move it all.
Rodriguez also alluded to a link with Eastern Europe or Russia, but did not provide additional details. He said he expected Garcia and Guardiola to eventually face federal charges.
South Texas authorities have seen large-scale fraudulent credit card schemes before, including one in which they seized machines used to upload information to the cards’ magnetic strips.
The security breach involving Minneapolis-based Target is believed to have involved 40 million credit and debit card accounts and the personal information of 70 million customers.