The arrests follow a four-month-long undercover operation named "Operation Sleep Over" and netted more than 150 card numbers stolen from guests in seven Joliet-area motels in Illinois. The affected motels included two Holiday Inns, three Super 8 Motels and one Ramada Motel. The seventh motel had a sign declaring it as Budget Inn Express, according to a statement on the Will County Sheriff's Office Web site.
Pat Barry, a spokesman for the sheriff's office in Joliet, said the undercover operation was launched after the arrest of someone four months ago who was involved in the scam and became an informant. That person had bought more than 10,000 stolen credit card numbers locally over the past six years.
Those arrested in the undercover operation in most cases sold the stolen credit card numbers to the informant in blocks of 10 at a rate of US$100 per number. "In two cases, receipts were created and exchanged to document the sale of credit card numbers to the informant," the statement said.
During the raids, police teams seized computers, credit cards, receipts and ledgers from each of the motels. An FBI-run Regional Computer Forensic Lab is helping the sheriff's office handle the seized computers.
"It is stunning how easily this informant was able to steal the financial identities of consumers from across the country simply by cultivating relationships in the hospitality industry," State's Attorney James Glasgow said in the statement, "From what we have learned here, this criminal scheme can be easily repeated anywhere in the country."
Barry described the investigation as ongoing, and said it is too early to know whether there would be more arrests.
The arrests appear to bolster recent analyst reports suggesting that online security breaches are not the leading cause of credit card and online fraud as many assume. The results of ayearlong study of about 5,000 U.S. consumers by Pleasanton, Calif.-based analyst firm Javelin Strategy & Research showed that despite recent hype, online data breaches are to blame for just 6 percent of all known cases of identity theft. That compared to 30 percent blamed on incidents such as losing one's wallet.
Javelin's conclusions were similar to those by other firms that have looked at the relationship between online data breaches and actual cases of ID fraud. In a 2005 study, Gartner Inc., for instance, found that just 18 percent of ID theft victims cited computer breaches, while 41 percent cited off-line causes. Another study released last year by ID Analytics showed that less than 1 percent of over 500,000 consumer records exposed in four separate data breaches were actually used in ID fraud.