Guilty Plea for Hacker Into U.S. Retail Networks

Albert Gonzalez pleaded guilty Friday to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft in relation to hacks into major U.S. retailers including BJ’s Wholesale Club, TJX Cos., OfficeMax, Boston Market, Barnes & Noble and Sports Authority, according to authorities involved in the wide-ranging investigation, in which the Attorney General’s Office, the U.S. Attorneys of Massachusetts and New York, and the U.S. Secret Service participated. More than 40 million credit and debit card numbers were stolen from major U.S. retailers as a result of the hacking activity.

Gonzalez, a 28-year-old Miami resident, was indicted in August 2008 in the District of Massachusetts on charges in connection with these hacks. He also pleaded guilty to one count of conspiracy to commit wire fraud relating to hacks into the Dave & Buster’s restaurant chain, which were the subject of a May 2008 indictment in the Eastern District of New York.

“Consumers must be able to trust that the credit and debit cards they use every day in thousands of stores around the world are safe from unlawful access,” said Assistant Attorney General Lanny A. Breuer of the Criminal Division. “Working together with U.S. Attorneys’ Offices around the country and with the invaluable support of law enforcement agencies, we will continue our efforts to identify and prosecute hacking and credit card fraud.”

According to the indictments, Gonzalez and his co-conspirators broke into retail credit card payment systems to capture credit and debit card numbers used at the retail stores; sold the numbers to others for their illegal use and engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing large sums of money from the ATMs; and concealed and laundered the proceeds by using anonymous Internet-based currencies both the United States and abroad, as well as by channeling funds through bank accounts in Eastern Europe.

Based on the terms of the Boston plea agreement, Gonzalez faces 15 to 25 years in prison, while under the New York plea agreement, he would get up to 20 years in prison; the sentences are expected to run concurrently. He also faces fines and orders of restitution to the victims. Sentencing is scheduled for Dec. 8, 2009.

Gonzalez remains under indictment for charges brought in August 2009 by the U.S. Attorney’s Office for the District of New Jersey of conspiring to hack into the computer networks of U.S. retail and financial organizations to steal credit and debit card numbers from those entities. Among the corporate victims named in that indictment are Hannaford Brothers Co., Inc.; 7-Eleven, Inc.; and Heartland Payment Systems, a New Jersey-based card payment processor. Gonzalez hasn’t pleaded guilty to the pending New Jersey charges.
This ad will auto-close in 10 seconds