Heartland Hacker to be Sentenced in March

Nearly one year after the announcement of the biggest known data breach ever reported, the international hacker behind the crime pled guilty and will be sentenced in March.

Albert Gonzalez, 28, of Miami, pleaded guilty to conspiring to hack into the Heartland Payment Systems computer network. The hack is estimated to have impacted 130 million credit and debit cards.

Gonzalez, also known as "segvec," "soupnazi" and "j4guar17," admits guilt to two counts of conspiracy to gain unauthorized access to the payment card networks operated by Heartland Payment Systems. He also pled guilty to hacking networks of 7-Eleven, a Texas-based nationwide convenience store chain, and Hannaford Brothers Co. Inc., a Maine-based supermarket chain.

Information revealed in the plea agreement shows Gonzalez controlled several servers, or "hacking platforms," and gave access to these servers to other hackers, knowing that they would use them to store malicious software, or "malware," and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by Gonzalez. Gonzalez tested malware by running multiple anti-virus programs in an attempt to find out if the programs detected the malware. Gonzalez was indicted in New Jersey in August 2009 for the Heartland breach.

Gonzalez faces up to 25 years in prison for the Heartland breach and the other intrusions. This sentence will come on top of that meted out for 19 charges he pled guilty to in September related to the data breaches of several U.S. retailers, including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority and Dave & Buster's restaurant chain. Gonzalez pled guilty to those breaches in September 2009. Sentencing in the Boston and New York cases is set for March 18; the New Jersey case sentencing is set for March 19.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network