Business Identity Theft and Phishing Scam

I am the owner of an online international ecommerce website for trading investments. Some time ago our client database was breached, and clients of ours have been receiving emails and phone calls from people who are identifying themselves as our company and demanding wire transfers to their bank account. We have heard of several cases like this, and most recently one of the clients who made transfer of 4,000 USD to these scammers,has contacted us, and upon my request he has provided to me a phone number he received this call from. I called the number, pretending to be this client and clearly this an operation of at least several people, who are calling our clients and making false promises to them. I have the phone conversation recorded, and they can be clearly heard identifying themselves as our company, and i asked them to provide me with the bank account details again. How can I stop these scammers using the evidence I have, and make sure they are punished for all they have done?

[AlanJones]

Did you notify your clients and the authorities of the breach when it happened? That would probably stop any more of them being scammed if the know that the details you stored about them have been stolen and are being used for fraud.

If the scammers are using VoIP numbers, they could be absolutely anywhere in the world, so the chances of them being identified, let alone "punished" are slim, but you should pass your evidence to the police.