Indictments on Largest Hacking and ID Theft Case in US Handed Down

130 Million Credit and Debit Card Accounts Involved

2 min read

Indictments on Largest Hacking and ID Theft Case in US Handed Down

An indictment was returned against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, the US Justice Department (DOJ) announced yesterday.

The indictment alleges that the co-conspirators hatched a scheme in which more than 130 million credit and debit card numbers together with account information were stolen from Heartland Payment Systems, Inc., based in Princeton, N.J., 7-Eleven, Inc., and Hannaford Brothers Co. In addition, two unidentified corporate victims were allegedly hacked by the co-conspirators.

According to the DOJ press release, between October 2006 and May 2008, Albert Gonzalez, 28, of Miami, Fla., acted with two unnamed co-conspirators to identify large corporations, often by scanning the list of Fortune 500 companies and exploring corporate websites. Upon identifying a potential victim, Gonzalez and his co-conspirators sought to identify vulnerabilities, both by physical observation and by online exploration.

The DOJ says that the alleged hackers would go to the retail locations of their potential victims in an attempt to identify the type of point-of-sale machines utilized by the victim companies. After reconnaissance of the computer systems was completed, information would be uploaded to servers which served as hacking platforms. These servers, located in New Jersey and around the world, were used by the co-conspirators to store information critical to the hacking schemes and to subsequently launch the hacking attacks.

Gonzalez was previously indicted in the Eastern District of New York on May 12, 2008, and the District of Massachusetts on August 5, 2008, for his involvement in different conspiracies relating to data breaches of companies such as TJX Companies, Dave & Busters, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.  He has been in jail since May 2008 when he was arrested in conjunction with hacking into Dave & Busters.

Gonzalez was also previously arrested in New Jersey in 2003 for his role in ATM and debit card fraud. However, the Wall Street Journal reports, Gonzalez wasn't prosecuted because he agreed to become an informant for the US Secret Service following his arrest.

If convicted, Gonzalez faces up to 30 years in prison on the wire fraud conspiracy charge and an additional five years in prison on the conspiracy charge, as well as a fine of $250,000 for each charge.

The Conversation (0)