Hide Transcript Show Transcript

GORDON WHO USED SOPHISTICATED TECHNOLOGY TO FIND USERNAMES AND PASSWORDS TO GET INTO THE KOHL’S SYSTEM, THEN MADE HIS PROFIT SELLING WHAT HE STOLE ON TWITTER. THE TWITTER PAGE TOUTS ITSELF AS SPECIALIZING IN STEALS AND DEALS. BUT THOSE DEALS, ACCORDING TO FEDERAL INVESTIGATORS, BELONGED TO SOMEONE OTHER THAN THE PERSON OPERATING THE ACCOUNT. IN A FEDERAL COMPLAINT, PROSECUTORS LINKED THE ACCOUNT TO ROBERT GORDON, AN ARMY RECRUITER IN WAUSAU. HE’S ACCUSED OF HACKING THE KOHL’S WEBSITE TO GAIN ACCESS TO KOHL’S CASH, THE FREE CASH ASSIGNED TO CUSTOMERS AFTER THEY SPEND A CERTAIN AMOUNT IN THE STORE. THE TWITTER ACCOUNT "OFFICIAL JIGLORD" WOULD SELL THE STOLEN BENEFITS TO MAKE A PROFIT. THIS ONE FROM MEMORIAL DAY ADVERTISES $350 IN KOHL’S CASH FOR $150 IN REAL CASH. MANY USERS BOUGHT IN, BOASTING THEIR SUCCESS. ONE PERSON TWEETED, "SHOUT OUT TO @OFFICIALJIGLORD FOR THE HOOK UP," WITH AN IMAGE OF PRICEY BED SHEETS. LOOK CLOSELY AT THE RECEIPT. THE ENTIRE PURCHASE WAS MADE WITH KOHL’S CASH. PROSECUTORS BELIEVE GORDON AND HIS WIFE MADE PROFITS OF NEARLY $100,000 IN JUST FOUR MONTHS. IN A STATEMENT, KOHL’S TELLS 12 NEWS IT’S COOPERATING WITH AUTHORITIES, AND ENCOURAGED CUSTOMERS TO AVOID USING THE SAME USERNAME AND PASSWORD FOR MULTIPLE SITES, ADDING, "THIS TYPE OF ACTIVITY IS NOT UNIQUE TO KOHL’S." IN FACT, FEDS THINK THE CASE IS ALSO LINKED TO HACKS OF SEVERAL COMPANIES -- AMC, ULTA, STARBUCKS, AND CHI

Advertisement Feds charge Wausau man with hacking Kohl's accounts to sell Kohl's Cash online A Kohl's spokesperson said they are currently working with investigators. Share Shares Copy Link Copy

When several Kohl's customers boasted on social media they were able to take home expensive merchandise for no cost at all, they praised the Twitter user who helped make it possible: @OfficialJigLord.The person operating the account, which proudly promotes its ability to "specialize in steal, deals and jigs," retweeted the successes.The arrogance, according to a federal criminal complaint, prompted at least one person to contact Kohl's through a private message alleging the account was selling illegally obtained property of the company. Federal investigators had also caught wind and were tracing a digital trail that led them to an Army recruiter in Wausau, records show.Robert Gordon is the man investigators said operated the account which advertised Kohl's cash in order to make a profit. Kohl's cash is free money the company assigns to customers who spend certain amounts of money in the store or online.But according to the complaint, Gordon hacked the Kohl's database containing Kohl's Cash numbers. The record shows investigators linked the hack to an IP address connected to Gordon and his wife."Kohl's records showed that from around July 23, 2018 through October 3, 208, several thousand login attempts to Kohl's webstore were made from that IP address. The login attempts used different, unique usernames and passwords to try to access the website," on federal investigator wrote in the affidavit.Prosecutors said with the numbers he obtained, Gordon sold them through the @OfficialJigLord account on Twitter.Users bought in and when they successfully used numbers they bought from Gordon, the complaint said, they bragged about it on the social media platform."Shoutout to @OfficialJigLord for the hookup!," one user tweeted, with a picture of expensive Vera Wang sheets from Kohl's. The image included a receipt which showed the entire purchase was made with a series of different Kohl's cash numbers. Investigators said multiple people who had legitimate access to the Kohl's cash numbers complained to the company when they could not use the benefits.The court documents said Gordon and his wife made $92,829.11 in profits in a four month period.In a statement, a Kohl's spokesperson said the company was working with investigators and encouraged customers to avoid using the same username and passwords across multiple sites and to change passwords frequently."This type of activity is not unique to Kohl’s, nor is it unique to retail as there are loyalty programs at restaurants, airlines, hotels, etc," Jen Johnson said in the statement.A spokesperson for the U.S. Attorney's Office for the Eastern District of Wisconsin, where the case is being prosecuted, would not say if the people who purchased the illegally obtained numbers would also be subject to criminal charges and prosecution.Gordon and his wife are both out of jail, but scheduled to return to court for preliminary hearings on June 20.Gordon faces 45 years in prison and a $750,000 fine if convicted. Complete Statement from Kohl's Regarding the federal criminal complaint you shared, Kohl's is cooperating with the authorities leading this prosecution and refer all inquiries to the U.S. Attorney’s Office in the eastern district of Wisconsin.From time to time we’ve been made aware of criminals using login credentials stolen from outside sources to access customer loyalty benefits. This can arise when customers reuse their login credentials across multiple websites. While we continue to actively fight this type of fraud, if, for any reason, a Kohl’s customer has a question or concern about their Kohl’s Cash, Kohl’s customer service will work with them to restore the value of their earned rewards.Kohl’s takes the security of customer information very seriously and has invested significant resources in its security programs. This type of activity is not unique to Kohl’s, nor is it unique to retail as there are loyalty programs at restaurants, airlines, hotels, etc. We encourage all of our customers to follow security best practices and avoid using the same username and password for multiple sites and to change passwords on all accounts frequently.