Estonian hacker Aleksandr Suvorov has been sentenced to seven years in prison for his role in two hacking schemes that involved more than 240,000 stolen credit card numbers.
According to a statement issued by the Department of Justice, Suvorov pleaded guilty to a wire fraud conspiracy charge in May 2009 for hacking into the Dave & Buster's national restaurant chain, which also involved Gonzalez, and stealing more than 80,000 credit card numbers.
Court documents say Suvorov, Gonzalez and a third co-conspirator hacked into the computer systems of Dave & Buster's Inc. for the purposes of installing malware and stealing customers' credit card information. Gonzalez, based in Miami, sent malware to the unidentified co-conspirator in the Ukraine. He then provided the malware to Suvorov, who gained unauthorized access to 11 Dave & Buster's restaurants throughout the U.S. Suvorov and associates then stole data from 81,005 credit cards.
Separately, in November 2011, Suvorov pleaded guilty to trafficking in unauthorized access devices, which included selling more than 160,000 stolen credit card numbers to an undercover U.S. Secret Service agent. The case was originally filed in the Southern District of California.
The two cases were consolidated in the Eastern District of New York.
In addition to being sentenced to seven years in prison, Suvorov is ordered to pay $675,000 in restitution and satisfy a $300,000 asset forfeiture judgment stemming from the New York charges.
"Computer hackers like Mr. Suvorov victimize businesses and individuals, posing a serious threat to their financial security," said Assistant Attorney General Breuer, who announced the sentence. "Today's sentence sends a clear message that cyber criminals operating abroad will suffer severe consequences for their crimes."
The New York case was investigated by the U.S. Secret Service Criminal Investigation Division Cyber Investigations Branch. The California case was investigated by the U.S. Secret Service San Diego Field Office.
Suvorov's associate, Gonzalez, received 20 years in prison for his role in the Heartland Payment Systems data breach. That sentence is being served concurrently with a 20-year-sentence he received on March 25, 2010 for his role in the TJX breach and similar crimes. In addition, Gonzalez was implicated in breaches at Hannaford Brothers, a grocery store chain in the northeast, and the 7-Eleven convenience store chain.
Gonzalez pleaded guilty to breaking into the computer networks of major retailers and the payment processor Heartland. The Heartland hack alone is estimated to have impacted 130 million credit and debit cards. His crimes cost companies, banks, and insurers nearly $200 million.