Update: Mastermind of TJX, Heartland breaches to plead guilty
In deal with prosecutors, Gonzalez faces up to 25 years in prison for TJX data theft
Computerworld - Albert Gonzalez, the man accused of masterminding the massive data thefts at TJX Companies Inc., Heartland Payment Systems and several other retailers has agreed to plead guilty to charges in a 19-count indictment that includes conspiracy, wire fraud and aggravated identity theft charges.
Under an agreement with prosecutors in Boston today, Gonzalez, 28, will face a maximum of 25 years in prison and will forfeit more than $2.8 million in cash.
Gonzalez was arrested in Miami in 2008 along with 10 other individuals. He was indicted separately in federal court in Boston and in New York on charges relating to the thefts at TJX, Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
Earlier this month, Gonzalez was also indicted in New Jersey on charges that he, along with two unidentified Russian accomplices, was responsible for huge data thefts at Heartland, Hannaford, 7-Eleven Inc. and two other unnamed retailers. Prosecutors alleged that the three were responsible for stealing data on more than 130 million credit and debit cards for the five retailers. Today's plea deal does not include his indictment on these charges.
At the time of the New Jersey indictments, Gonzalez' attorney Rene Palomino had claimed that his client had been close to agreeing to a plea bargain in connection with the charges filed against him in 2008. In an interview with Computerworld, Palomino had said that he was working with federal authorities to hammer out a new plea agreement after the indictments on the Heartland case and other charges.
Palomino had also claimed in an interview with the New York Times that he intended to argue in court that Gonzalez was not the mastermind of the Heartland breach and that it was one of his client's accomplices who had pulled off the heist.
A spokeswoman at the U.S. attorney's office in Boston said she couldn't comment on whether the plea agreement covered the indictments in New York and New Jersey. However the Reuters news service reported that today's agreement does resolve the indictments in New York. It was unclear where Reuters obtained that information, but it would to be consistent with statements that Gonzalez' attorney had made recently about the plea agreement that was being neogotiated before the indictments in New Jersey. Meanwhile, a spokesman for the U.S. attorney's office in New Jersey said today's agreement in Boston does not resolve the charges in New Jersey.
Avivah Litan, a Gartner Inc. analyst who has been following the cases, called the prison term in the proposed plea agreement reasonable. "After all, no one got physically injured or killed, and this was a white collar crime that mainly hurt the card issuing banks, which were able to recoup most -- if not all -- of their losses from the breached retailers," she said.
Massive data thefts
- Update: Mastermind of TJX, Heartland breaches to plead guilty
- Alleged data-heist kingpin is a computer addict, lawyer says
- Gonzalez's lawyer to contend he was not the kingpin of Heartland, Hannaford breaches
- Hacking kingpin negotiating plea deal with feds
- Three indicted for hack attacks on Heartland, Hannaford
- TJX data breach: At 45.6M card numbers, it's the biggest ever
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts