Albert Gonzalez
(Credit: Wired.com)A Miami hacker who had already pleaded guilty to computer fraud and identity theft for breaches at retailers T.J. Maxx, OfficeMax, and many other merchants, pleaded guilty on Tuesday to similar charges related to breaches at Heartland Payment Systems, 7-11, Hannaford Brothers supermarkets, and two other companies.
Albert Gonzalez, 28, reiterated terms of a plea agreement in U.S. District Court in Boston. A week earlier, co-conspirator Stephen Watt of New York, appeared in that same court and was ordered to serve two years in prison and pay $171.5 million in restitution for developing a sniffing program used to grab payment card data in the breach at the TJX companies between 2003 and 2008.
In that case, Gonzalez agreed in September to forfeit more than $2.7 million in restitution, as well as a condo, jewelry, and a car as part of his plea agreement. In addition to the TJX Companies (owner of T.J. Maxx), Gonzalez's ring is accused of breaches at BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority and others.
Separately, he also has pleaded guilty to one count of conspiracy to commit wire fraud related to hacks into the network of the Dave & Buster's restaurant chain.
Gonzalez was the ringleader in what authorities have said constituted the largest identity fraud scam in U.S. history.
He and two Russian men were indicted in the Heartland case in August, accused of stealing data related to more than 130 million credit and debit cards. Retailer Target told Reuters that it was one of the victims of Gonzalez. "We believe that, at most, only a tiny fraction of guest credit and debit card data used at our stores may have been involved," Target spokeswoman Amy Reilly said.
Gonzalez, a former federal government informant, faces several sentences of up to 20 or 25 years in prison. Sentencing is set for March.
His attorneys, in seeking the minimum sentence, have suggested that Gonzalez may have Asperger's Disorder. He admitted in court that he had abused alcohol and drugs for years, according to Reuters.
Albert Gonzalez
(Credit: Wired.com)A 28-year-old Miami man who made millions breaking into computer networks and stealing credit card numbers pleaded guilty on Friday and agreed to forfeit more than $2.7 million in restitution, as well as a condo, jewelry, and a car.
Albert Gonzalez, a former federal government informant and the alleged ringleader of one of the largest known identity theft cases in U.S. history, pleaded guilty as expected to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud, and aggravated identity theft related to theft of credit and debit card data from TJX Companies (owner of T.J. Maxx), BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, among other retailers.
Gonzalez, along with 10 others from the U.S., Eastern Europe, and China, were accused in August 2008 of breaking into retail credit card payment systems using wardriving (searching for unsecured wireless networks while driving by with a laptop), and installing sniffer programs to capture data.
He also pleaded guilty to one count of conspiracy to commit wire fraud related to hacks into the network of the Dave & Buster's restaurant chain. He was indicted on that charge in New York in May 2008.
Gonzalez still faces charges in New Jersey of conspiring to steal credit card numbers from Heartland Payment Systems, 7-Eleven, and supermarket chain Hannaford Brothers following an indictment handed down against him and two unnamed Russians last month.
Gonzalez and his alleged co-conspirators sold the numbers to others and encoded the data onto magnetic stripes of blank cards and used the new cards to withdraw tens of thousands of dollars at a time from ATMs, according to the indictments. They concealed and laundered their proceeds by using anonymous Internet-based currencies within the U.S. and abroad, and by channeling money through bank accounts in Eastern Europe, court documents indicate.
Under the terms of the plea agreements, Gonzalez faces up to 25 years in prison for the Boston charges and up to 20 years on the New York charges and will serve the terms concurrently. He also faces fines of at least $500,000.
As for restitution, Gonzalez has agreed to forfeit his Miami condo, a 2006 BMW 330i, a Tiffany diamond ring, Rolex watches, and more than $1 million in cash that was buried in his back yard.
Sentencing is scheduled for December 8. Gonzalez' attorney, Rene Palomino, did not immediately respond to a request for comment.
TJX stores, including T.J. Maxx and Marshalls, are holding a one-day 15-percent-off sale on Thursday as a way to show appreciation for customers after a data breach at the company.
TJX disclosed in 2007 that 45.7 million customer accounts were compromised
"TJX has chosen to hold a previously planned, one-time Customer Appreciation Day to express our appreciation to customers for their continued support and patronage following the criminal attack(s) announced on our computer systems two years ago," TJX spokeswoman Sherry Lang said in a statement. "TJX remains committed to providing our customers a safe and secure shopping environment as well as offering the great quality, fashion, brands, and values our customers have grown to expect."
The sale initially was negotiated to be part of a court settlement but did not end up in the final agreement. The Framingham, Mass.-based company decided to hold the sale anyway, according to The Boston Globe.
TJX has more than 2,400 stores, including HomeGoods and A.J.Wright in the U.S. and Winners, HomeSense, and StyleSense in Canada, as well as T.K. Maxx and HomeSense in Europe.
The TJX breach was considered the largest ever, but a recently announced breach at payment processor Heartland Payment Systems may be even bigger. Heartland disclosed on Tuesday that customer accounts had been compromised last year.
Heartland processes payroll and credit card payments for more than 250,000 businesses and handles more than 100 million transactions per month. The president of Heartland said he did not know exactly how many unique cards or consumers were affected.
(Credit:
TJX)
A second criminal hacker accused of involvement in the massive data breach targeted at T.J. Maxx's parent company, one of the largest security breaches to date, reportedly pleaded guilty on Monday.
As part of a plea bargaining arrangement Christopher Scott, 25, of Miami, has admitted to computer hacking, access device fraud, and identity theft, according to the Associated Press. He could face a sentence of up to 22 years in jail and a fine of up to $1 million for his crimes.
The plea comes almost two weeks after Damon Patrick Toey pleaded guilty to his role. The 11 defendants were formally charged last month. Three are from the U.S., one from Estonia, three from the Ukraine, two from the People's Republic of China, and one from Belarus. Another man involved used an alias and his whereabouts are unknown.
In March 2007, TJX, the parent company of T.J. Maxx and Marshall's, said 45.7 million accounts were compromised over nearly a two-year period. The company believed the hackers gained access to millions of credit card and debit card numbers through inadequately protected Wi-Fi networks, and then put the numbers up for sale.
- prev
- 1
- next
