Heartland Data Breach: TJX Hacker Indicted for Crime

Suspect Also Linked to 7-Eleven, Hannaford Breaches
Heartland Data Breach: TJX Hacker Indicted for Crime
The Department of Justice and federal prosecutors on Monday indicted a Miami, FL man in connection with the biggest credit card data breach on record -- the theft of 130 million card numbers from Heartland Payment Systems, along with two other recent high-profile hacks, Hannaford Brothers and the 7-Eleven data breaches of 2008.

The 28-year-old Albert Gonzalez, already in federal custody, was previously charged in two other data breaches, including the theft of 40 million credit card numbers from retailer TJX.

According to the Justice officials, Gonzalez was charged with conspiracy and wire fraud, along with two unnamed co-conspirators located in Russia, accused of using the hacking technique called an SQL injection attack to breach the network firewalls of Heartland, 7-Eleven and Hannaford Brothers.

The indictment alleges that Gonzalez and two Russian co-conspirators sent the stolen data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine.

Gonzalez is also facing charges in New York for the hacking of Dave and Buster's, a national restaurant chain. Trial on those charges is scheduled to begin in September.

Gonzalez is set to be tried in Massachusetts in 2010 for the theft of 40 million credit card numbers from TJX in 2005 and 2006. He was arrested in May, 2008 for the TJX hack. He had previously been arrested by federal investigators in 2003 and was acting as an informant while he was conspiring with his criminal crew to hack TJX, Hannaford, Heartland and the other retailers.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network