TJX hacker to plead guilty to Heartland breach

Share this article:
After admitting to the TJX hacks three months ago, Albert Gonzalez has now agreed to plead guilty to charges he broke into the network of Heartland Payment Systems and several other companies to steal more than 130 million credit and debit card numbers.

The plea agreement was filed Tuesday in U.S. District Court in New Jersey. Gonzalez, 28, of Miami admitted to hacking into Heartland, 7-Eleven, and Hannaford Bros. supermarket chain. In August, he was charged with conspiracy and conspiracy to engage in wire fraud for his role in the Heartland intrusion. He and two unnamed co-conspirators, residing in or near Russia, were accused of using SQL injection attacks to evade the victims' firewall to gain access to the network.

Gonzalez faces up to 20 years in prison if he is convicted on the wire-fraud conspiracy charge. The conspiracy charge carries a five-year sentence, and fines of $250,000 for each charge.

In conjunction with Tuesday's plea, a federal judge agreed to transfer the case to federal court in Massachusetts, where Gonzalez is awaiting sentencing for his role in a number of other hacks, which he pleaded guilty to in September.

He remains in federal custody on the separate charges of infiltrating several major retail chains, including TJX, which owns T.J. Maxx; Barnes & Noble; BJ's Wholesale Club; Boston Market; DSW; Forever 21; Office Max and Sports Authority -- and stealing more than 40 million credit card numbers.

Gonzalez faces up to 25 years in prison for these charges and is expected to be sentenced this month.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Phishing campaign passes off Pony Stealer trojan as 'overdue invoice'

The malware has previously been used to steal $220,000 worth of bitcoins from victims.

Popular Science served up Rig Exploit Kit on its website

The monthly science magazine served up malicious code to readers earlier this week and has remedied the issue.