DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Arizona Man Arrested For Point-Of-Sale Cyber Intrusions

Posted on December 8, 2022 by Dissent

Damian Williams, the United States Attorney for the Southern District of New York, and Michael J. Driscoll, Assistant Director in Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced today the arrest of FOSTER COOLEY for charges in connection with a scheme to conduct cyber intrusions targeting a New York-based company that owns and operates hair salons in New York City, New Jersey, Colorado, and elsewhere, which resulted in the theft of over $400,000.  COOLEY was arrested this morning and is expected to be presented today or tomorrow before a U.S. magistrate judge in the District of Arizona.  The case is assigned to U.S. District Judge Paul A. Crotty.

U.S. Attorney Damian Williams said: “Foster Cooley allegedly participated in a scheme to hack into a salon company’s point-of-sale provider and steal over $400,000 of credit card payments from its customers.  And because Cooley was able to steal this money without stepping foot into one of the salons he stole from, his crimes went undetected for weeks.  Hacks like this that compromise the integrity of our electronic payment systems cause great harm to businesses and consumers alike.  Thanks to this Office’s teamwork with the FBI, Cooley is now facing serious criminal charges for his alleged cybercrimes.”

FBI Assistant Director in Charge Michael J. Driscoll said: “As alleged, the defendant hacked into the victim’s business systems and diverted hundreds of thousands of dollars to his own bank accounts.   The FBI’s Cyber Task Force along with our law enforcement partners are committed to tracking down malicious hackers who target private businesses and ensuring they face the consequences for their actions.  If your business is the victim of a cyber intrusion, please report it as soon as possible; the faster we are made aware, the sooner we can provide assistance.”

According to the allegations in the Indictment unsealed today in Manhattan federal Court:[1]

In or about May 2022, FOSTER COOLEY perpetrated a scheme to conduct cyber intrusions and steal money from a New York-based company that owns and operates hair salons in New York City, New Jersey, Colorado, and elsewhere (“Victim-1”).  COOLEY stole money from Victim-1 by obtaining unauthorized access to Victim-1’s account with Victim-1’s point-of-sale provider (the “Victim-1 POS Account”) and diverting credit card payments from Victim-1’s bank accounts to bank accounts controlled by COOLEY and others.

COOLEY obtained unauthorized access to the Victim-1 POS Account by obtaining usernames and passwords of Victim-1’s employees.  Those credentials were stolen using a type of malicious software or malware that secretly steals, among other things, a victim’s usernames, passwords, and credit card information that have been saved in the victim’s internet browser.  After COOLEY successfully gained unauthorized access to the Victim-1 POS Account, COOLEY changed the bank accounts designated to receive credit card payments from Victim-1’s hair salons to bank accounts controlled by COOLEY and others.  As a result, credit card payments from Victim-1’s hair salons were fraudulently diverted to COOLEY and others.

In or about May 2022, for a period of approximately two weeks until the scheme was discovered by Victim-1, more than $430,000 in customer payments from Victim-1’s hair salons were fraudulently diverted to bank accounts controlled by COOLEY and others.

*                *                *

COOLEY, 23 of Chandler, Arizona, is charged with one count of computer fraud for causing damage to a protected computer, which carries a maximum sentence of 10 years in prison; one count of computer fraud for unauthorized access to a protected computer to further intended fraud and one count of receipt of stolen money, each of which carries a maximum sentence of five years in prison; one count of wire fraud, which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison to be served consecutively to any other sentence imposed.

The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Williams praised the investigative work of the FBI.  Mr. Williams also thanked the FBI New York Cyber Task Force, the NYPD Cyber Task Force, and the FBI Field Office in Phoenix for their assistance in the investigation of this case.

This case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant U.S. Attorney Andrew K. Chan is in charge of the prosecution.

The charges contained in the Indictment are merely accusations and the defendant is presumed innocent unless and until proven guilty.


[1] As the introductory phrase signifies, the entirety of the text of the Indictment constitutes only allegations, and every fact described herein should be treated as an allegation.

Attachment(s):
Download U.S._v._Cooley_Indictment.pdf

Source: U.S. Attorney’s Office, Southern District of New York

Category: Breach IncidentsHack

Post navigation

← Fr: Victim of a cyberattack, Trois Cantons ambulances in Peyrehorade alerts its patients
HoHoHo Holiday routines… →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.