Hacker charged with stealing 130 m credit card IDs

Hacker charged with stealing 130 m credit card IDs

The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit card numbers in history was charged on Monday with an even larger set of digital break-ins.

In an indictment, the Justice Department said that Albert Gonzalez, 28, of Miami and two unnamed Russian conspirators made off with more than 130 million credit and debit card numbers from late 2006 to early 2008. The prosecutors called it the largest case of computer crime and identity theft ever prosecuted. According to the government, the culprits infiltrated the computer networks of Heartland Payment Systems, a payment processor in Princeton, New Jersey; 7-Eleven Inc ; Hannaford Brothers, a regional supermarket chain; and two unnamed national retailers.

An unspecified portion of the stolen credit and debit card numbers were then sold online, and some were used to make unauthorised purchases and withdrawals from banks, according to the indictment, which was filed in the United States District Court in Newark.
Although some states require card issuers to notify customers about security breaches, it is unclear whether all individuals whose card numbers were stolen in this case have been notified and offered new account numbers.

Gonzalez has been in custody since May 2008, when he was arrested in connection with another prominent data theft at the Dave & Buster’s restaurant chain. He has also been indicted in other thefts of credit and debt cards, including the 2005 data breach at T J Maxx stores, a division of TJX, based in Framingham, Massachussets.

Gonzalez is awaiting a trial in New York in the Dave & Buster’s attack and, separately, another in Massachusetts in the TJX breach. Trials on the charges announced on Monday will have to wait until those cases are completed, federal prosecutors said.

Gonzalez’s lawyer, Rene Palomino Jr, did not respond to requests for comment.

Erez Liebermann, an assistant United States attorney in the Justice Department’s New Jersey office, said Gonzalez’s involvement in so many data breaches suggested that “perhaps the individuals capable of such conduct are a tighter-knit group than may have been previously thought.”

Gonzalez once worked with federal investigators. In 2003, after being arrested in New Jersey in a computer crime, he helped the Secret Service and federal prosecutors in New Jersey identify his former conspirators in the online underworld where credit and debit card numbers are stolen, bought and sold.

Gonzalez secretly reconnected with his old associates, federal officials have said, and continued to ply his trade using a variety of online pseudonyms, including Segvec and Cumbajohnny.

According to the new indictment, Gonzalez and his conspirators reviewed lists of Fortune 500 companies to decide which corporations to take aim at and visited their stores to monitor which payment systems they used.


The online attacks took advantage of flaws in the SQL programming language, which is commonly used for databases.

Liked the story?

  • 0

    Happy
  • 0

    Amused
  • 0

    Sad
  • 0

    Frustrated
  • 0

    Angry