Ending a chapter in one of the worst hacking cases in U.S. history, a federal judge handed down a five-year sentence Thursday to a 25-year-old man who helped steal tens of millions of credit card numbers.
Damon Patrick Toey had already pleaded guilty to charges that he sold batches of stolen credit card data, called dumps, on behalf of convicted hacker Albert Gonzalez and helped him infiltrate the systems of a number of companies. Gonzalez was sentenced last month to 20 years in prison, the longest sentence ever handed down in the U.S. for a computer crime.
Operating out of a Miami condominium owned by Gonzalez, Toey worked in a hacking ring that broke into systems belonging to a number of U.S. retailers, as well as Heartland Payment Systems, a major processor of U.S. credit card transactions.
Toey was sentenced by U.S. District Judge William Young in federal court in Boston. After serving his five-year sentence, he will undergo three years of supervised release. He must also pay a $100,000 fine.
Gonzalez led a crew of hackers who broke into networks by hacking wireless access points and then later used SQL injection attacks to access corporate databases via the Web. They broke into companies that included TJX, Office Max, Barnes & Noble and Dave & Buster's, ultimately selling millions of credit card numbers to Russian criminals and using some of the data to make unauthorized ATM withdrawals.
Toey is the last of six U.S. men to be sentenced in connection with the hacking. The group's offshore accomplices have not been arrested.