Romanian National Extradited to U.S. to Face Charges for Allegedly
Participating in Multimillion Dollar Scheme to Hack into and Steal
Credit Card Data from U.S. Merchants
May 30, 2012
Oprea, 28, of Constanta, Romania, was extradited to the United States
and appeared in federal court in New Hampshire today, to face federal
charges relating to his alleged participation in an international
multimillion dollar scheme to remotely hack into and steal payment card
data from hundreds of U.S. merchants’ “point of sale” computer systems.
In a four-count indictment unsealed on Dec. 6, 2011, Oprea, along with
three other Romanian nationals, Iulian Dolan, Cezar Iulian Butu and
Florin Radu, were charged with conspiracy to commit computer fraud,
conspiracy to commit wire fraud and conspiracy to commit access device
fraud. Oprea was extradited to the United States on May 25, 2012. He was
arrested on Dec. 1, 2011, in Romania and remained in custody there prior
to his extradition. Dolan and Butu were arrested upon their entry into
the United States on Aug. 13 and Aug. 14, 2011, respectively, and remain
in United States custody. Radu remains at large.
According to the indictment, from approximately 2008 until May 2011,
Oprea, Dolan, Butu and Radu conspired to remotely hack into more than
200 U.S.-based merchants’ point-of-sale (POS) or “checkout” computer
systems in order to steal customers’ credit, debit and gift card numbers
and associated data (collectively referred to as “credit card data”). A
POS system allows merchants to process customer purchases, including
those made using credit, debit and gift cards, and typically includes a
computer, monitor, integrated credit card processing system, signature
capture device and a customer pin pad device. Merchant victims include
more than 150 Subway restaurant franchises located throughout the United
States, including in the District of New Hampshire, as well as more than
50 other identified retailers. According to the indictment, members of
the conspiracy have compromised the credit card data of more than 80,000
customers, and millions of dollars of unauthorized purchases have been
made using the compromised data.
convicted, each defendant faces a maximum sentence of five years in
prison for the conspiracy to commit computer fraud charge and for each
conspiracy to commit access device fraud charge and 20 years in prison
for conspiracy to commit wire fraud charge. They also face up to three
years of supervised release, a fine of up to twice the amount of the
fraud loss, and restitution.
The case was investigated by the U.S. Secret Service and is being
prosecuted by Assistant U.S. Attorney Arnold H. Huftalen of the District
of New Hampshire and Trial Attorney Mona Sedky of the Computer Crime and
Intellectual Property Section in the Justice Department’s Criminal
Division. The Office of International Affairs in the Justice
Department’s Criminal Division provided substantial assistance. The
department would like to thank Subway for its cooperation.
The charges contained in the indictment are allegations. The defendants
are presumed to be innocent unless and until proven guilty beyond a
reasonable doubt in a court of law.