Police have smashed a Romanian organised crime gang that allegedly hacked into the computer systems of small businesses, with credit card details of 30,000 Australians used in $30 million worth of illegal transactions around the world.
An Australian Federal Police and Romanian National Police investigation led to the arrest of 16 gang members this week, and seven people in Romania have been charged.
It is said to be the biggest data theft investigation in Australia's history.
Computer hackers allegedly got access to the systems of up to 100 Australian small businesses, where the credit card details of about 500,000 people were stored.
Police said they had confirmed 30,000 of those details had allegedly been used for $30 million worth of illegal transactions.
The data, taken from small businesses like petrol stations and grocery stores, was then allegedly used to make fake credit cards which were used for transactions in the US, Europe, Hong Kong and Korea.
In August Fairfax Media reported the AFP were investigating the hacking claims.
One of the people arrested was Greco-Roman wrestling champion Gheorghe Ignat.
Romanian prosecutors were expected to argue Ignat had a part in creating fake credit cards from stolen credit card details.
Australian banks and credit unions have reimbursed the $30 million to the 30,000 Australians whose details were exposed by the hacking gang.
The small businesses have also been told how their systems were accessed and have since improved their security.
The 46 businesses confirmed by police to have been hacked were small independent operators, while investigators believe another 54 Australian businesses were targeted but there was not yet enough forensic evidence to include it in the brief of evidence.
Romanian police said the gang sold details of about 68,000 credit cards from around the world to other criminals.
The AFP's manager for cyber crime operations, Commander Glen McEwen said credit card holders should check their financial statements regularly for unusual transactions.
"These arrests are also a timely reminder that all small businesses need to check they have the correct security measures in place, look to upgrade their systems and use strong passwords so they minimise the risk of data compromises."