(Bloomberg) -- Three men were charged with a hacking and spamming scheme that targeted the personal identifying information of more than 60 million people, New Jersey U.S. Attorney Paul Fishman said in a statement.

The men hacked the computers of four companies and used data they stole to send unsolicited e-mails in bulk, or spam, earning illegal profit of more than $2 million, according to an indictment in federal court in Newark, New Jersey. One target was a Pennsylvania telecommunications firm with records for 50 million people, according to the indictment, which said one defendant estimated they actually stole 24.5 million records.

Another target was a credit-monitoring service in Texas with 10 million personal records, prosecutors said. One defendant said they stole 200,000 records, according to the indictment.

The scheme, which ran from 2011 until July 2015, involved Timothy Edward Livingston, 30, of Boca Raton, Florida; Tomasz Chmielarz, 32, of Rutherford, New Jersey; and Devin James McArthur, 27, of Ellicott City, Maryland, according to Fishman’s statement.

Livingston ran a business, A Whole Lot of Nothing LLC, that sent bulk e-mails on behalf of legitimate companies like insurers, as well as illegal entities like online pharmacies that sold narcotics without prescriptions, according to the indictment. Livingston usually charged between $5 and $9 for each spam e-mail that resulted in a completed transaction, according to the indictment.

Bypass Filters

Livington and Chmielarz started using computer programs to send spam in a way that bypassed filters set up by companies, and they also hacked into e-mail accounts of individuals to seize control of the mail accounts of corporate victims, the U.S. said.

The data they allegedly stole included names, addresses, phone numbers and e-mail addresses.

On July 23, authorities seized Livingston’s computer, which contained 7 million records from the Pennsylvania telecommunications company, according to the indictment.

All three men are charged with conspiracy to commit wire fraud and conspiracy to commit fraud and related activity in connection with computers. The wire fraud charge has a maximum prison term of 20 years.

The case is U.S. v. Livingston, U.S. District Court, District of New Jersey (Newark).

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access