The arrested individuals have allegedly opened several IT services companies in Romania to set up and maintain the infrastructure that allowed them to break into computer systems belonging to a number of well-known foreign companies operating gas stations and grocery stores.
Having gained unauthorized access to these systems, they infected them with malware capable of intercepting credit card transaction data.
This data was either store locally on the compromised computers and retrieved later, or sent to remote servers belonging to the crooks.
According to DIICOT, the group used the stolen information to make fraudulent transactions that reached the amount of $25 million, but have also been known to sell huge batches of credit cards on online black markets.
Between December 2011 and October 2012 they managed to sell in this way 68,000 credit cards at $4 each, earning themselves $270,000 in one fell swoop.
Some additional 20 individuals are to be questioned, so the number of people arrested following this investigation might still increase.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.