Hacker Albert Gonzalez receives 20 years in prison

Share this article:
Albert Gonzalez on Thursday received the largest-ever U.S. prison sentence for a hacker.

Gonzalez, 28, of Miami, was sentenced to 20 years in prison for leading a group of cybercriminals that stole tens of millions of credit and debit card numbers from TJX and several other retailers.

Gonzalez pleaded guilty in September to multiple federal charges of conspiracy, computer fraud, access device fraud and identity theft for hacking into TJX, which owns T.J. Maxx, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. He was facing up to 25 years in prison for these charges.

Gonzalez also pleaded guilty last year in two other pending hacking cases for which he is scheduled to be sentenced on Friday. He faces up to 20 years in prison for his role in hacking into the network of Dave & Buster's restaurant chain and stealing credit and debit card numbers from at least 11 locations.

As part of a third pending case, Gonzalez faces between 17 and 25 years in prison for hacking into the payment card networks of Heartland, 7-Eleven and Hannaford Bros. supermarket chain to steal more than 130 million credit and debit card numbers. In a plea deal, his sentences will run concurrently to each other.

The former record-high hacking sentence of 13 years in prison was handed down just last month to a San Francisco man named Max Ray Butler, who was convicted of hacking into financial institutions and then hawking the stolen data in an online forum. 

This is the third conviction to be handed down this week to individuals involved in the TJX hack. On Tuesday, one of Gonzalez' co-conspirators, Jeremy Jethro, 29, was sentenced to six months home confinement and three years of probation for providing Gonzalez with a zero-day exploit to take advantage of a then-unknown vulnerability in Microsoft's Internet Explorer browser.

In addition, Humza Zaman, formerly a programmer at Barclays Bank, was sentenced earlier this month to 46 months in prison and fined $75,000 for laundering at least $600,000 in identity theft proceeds for Gonzalez. Also, in December, Stephen Watt, 25, of New York was sentenced to two years in prison and ordered to pay $171.5 million in restitution for providing Gonzalez with the "sniffer" program that was used to hijack credit card numbers from TJX.

The security community reacted swiftly to the Gonzalez sentencing.

“The Gonzalez sentence sends a clear message to career criminals and organized crime outfits,” Michael Maloof, CTO at information security management firm TriGeo Network Security, said in a statement sent to SCMagazineUS.com on Thursday.  “If you use a computer to steal or provide tools that encourage others to steal, you will go to jail – hopefully for a very, very long time.”

Frank Kenney, VP global strategy at managed file transfer solutions vendor Ipswitch File Transfer, also said Gonzalez' sentence could serve as a deterrent to others.

“Raising the bar with sentences like the Gonzalez case may detract future hackers,” he said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.