Gonzalez pleads guilty to TJX, other data heists
Plea ends career of hacker described by feds as the mastermind of country's biggest data thefts
Computerworld - The man described by federal authorities as the mastermind of the massive data thefts at TJX Companies Inc., Heartland Payment Systems and other retailers today pleaded guilty to charges in a 19-count indictment that include conspiracy, wire fraud and aggravated identity theft.
Albert Gonzalez, 28, of Miami, also pleaded guilty to one count of conspiracy to commit wire fraud related to a data theft at Dave & Buster's restaurant chain. That case was being prosecuted separately in New York but was merged with the case in Boston under a plea agreement negotiated with prosecutors a few days ago.
Gonzalez is scheduled to be sentenced Dec. 8 by U.S. District Court Judge Patti Saris in Boston. He faces a maximum of 25 years in prison for the charges in Boston and 20 years for the case in New York. Under the plea agreement, Gonzalez will serve between 15 and 25 years for both cases and will be fined as much as $250,000 for each of the charges.
Gonzalez will also forfeit more than $2.7 million in cash as well as multiple pieces of real estate and personal property, including a condominium in Miami, a BMW and several Rolex watches that he is alleged to have acquired through his ill-gotten gains. About $1 million of the money being forfeited was recovered from a container buried in Gonzalez' back yard, according to a statement released today by the U.S. Department of Justice.
Gonzalez was arrested in Miami in 2008 along with 10 other individuals on charges relating to the thefts at TJX, Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
In August, federal authorities in New Jersey indicted Gonzalez on charges involving breaches at Heartland Payment Systems, Hannaford, 7-Eleven Inc. and two other unnamed retailers. Prosecutors alleged that Gonzalez, along with two unnamed Russian conspirators, stole more than 130 million credit and debit cards from the five retailers.
Today's plea brings to an end, for the moment, to the career of a hacker who federal authorities say has been the mastermind of the biggest data thefts in U.S. history. It is not clear if Gonzalez was the leader of a worldwide criminal gang or merely acting at the behest of powerful crime gangs based in Russia and East Europe. But his actions, which his lawyer has claimed stemmed from a computer addiction, have caused millions of dollars in losses to his victims. TJX has publicly estimated that costs to the company from the data breach will touch $200 million. Heartland has already spent or set aside more than $12 million and is facing numerous lawsuits from affected institutions.
In addition, some of the companies that were Gonzalez's victims have had to pay fines to Visa and the other card brands for being noncompliant with the credit card industry's Payment Card Industry Data Security Standard and to spend more money to revamp their security controls.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts