Laurentiu Cristian Buscu, 28, of Romania, was recently sentenced in New Haven, Conn., to 60 months in federal prison for his involvement in a phishing scheme.
According to court documents, Busca and others were part of a "loose-knit conspiracy" that shared data stolen through phishing, including thousands of credit and debit card numbers, expiration dates, CVV codes, PIN numbers and other personal information including names, addresses, telephone numbers, birthdates and Social Security numbers.
Members of the group then used that information to made unauthorized withdrawals, often from ATMs in Romania.
The group targeted financial institutions including People's Bank, Citibank, Capital One, Bank of America, JPMorgan Chase & Co., Comerica Bank, Regions Bank, LaSalle Bank, U.S. Bank, Wells Fargo & Co., eBay, and PayPal.
Busca was apparently heavily involved in the scheme from 2004 to 2006, and his e-mail accounts contained more than 10,000 stolen debit and credit card numbers. He was also found in possession of tools for phishing, including files used to create fake Web sites and software used to create fake credit and debit cards.
Busca was one of 19 Romanian citizens indicted for their involvement in the scheme. He was extradited from Romania in December of 2011, and pleaded guilty to one count of conspiracy to commit access device fraud on November 20, 2012.