Miami man Albert Gonzalez, 28, and two unidentified Russians were indicted today for hacking into the computer networks of some of America's biggest retail chains, and stealing as many as 130 million credit and debit card numbers, according to the Department of Justice (DOJ).
According to the DOJ, Gonzalez and his accomplices were able to breach the security of Hannaford Bros. a New Jersey-based credit card payment processing company, and the Hannaford Bros. supermarket chain, as well as the 7-Eleven nationwide convenience store chain.
Gonzalez, who operated under aliases and handles including "segvec," "soupnazi" and "j4guar17," and his accomplices would allegedly then send the stolen data to servers in California, Illinois, Latvia, the Netherlands and Ukraine, which they could then sell in the "underground economy" of black-market stolen personal and financial data.
Gonzalez was already under indictment for his role in the TJX data breach, where the credit and debit cards of over 40 million shoppers at stores such as T.J. Maxx and Marshall's were purloined.
Gonzalez had previously been a federal informant in a 2003 fraud case, but authorities discovered he was actually criminally involved in the crime being investigated.
Gonzales has been indicted on charges of wire fraud and conspiracy. If convicted, Gonzales faces up to 20 years in prison on the wire fraud conspiracy charge and an additional five years in prison on the conspiracy charge, as well as a fine of $250,000 for each charge.
The various data breaches Gonzalez and his compatriots have allegedly been involved with have proven costly for all concerned. TJX has already paid over $60 million to settle charges brought against it by MasterCard, Visa, multiple banks, and the Federal Trade Commission (FTC), alleging negligence in not setting up strong security for their payment data processing.
Heartland has paid $12.6 million in costs so far over the loss of cardholder data from its own network, while Hannaford Bros. faces a class action charging negligence in its loss of 4.2 million credit and debit card numbers, and 1,800 reported cases of fraud connected to the breach.