TJX hacker to plead guilty to Heartland breach

Share this article:
After admitting to the TJX hacks three months ago, Albert Gonzalez has now agreed to plead guilty to charges he broke into the network of Heartland Payment Systems and several other companies to steal more than 130 million credit and debit card numbers.

The plea agreement was filed Tuesday in U.S. District Court in New Jersey. Gonzalez, 28, of Miami admitted to hacking into Heartland, 7-Eleven, and Hannaford Bros. supermarket chain. In August, he was charged with conspiracy and conspiracy to engage in wire fraud for his role in the Heartland intrusion. He and two unnamed co-conspirators, residing in or near Russia, were accused of using SQL injection attacks to evade the victims' firewall to gain access to the network.

Gonzalez faces up to 20 years in prison if he is convicted on the wire-fraud conspiracy charge. The conspiracy charge carries a five-year sentence, and fines of $250,000 for each charge.

In conjunction with Tuesday's plea, a federal judge agreed to transfer the case to federal court in Massachusetts, where Gonzalez is awaiting sentencing for his role in a number of other hacks, which he pleaded guilty to in September.

He remains in federal custody on the separate charges of infiltrating several major retail chains, including TJX, which owns T.J. Maxx; Barnes & Noble; BJ's Wholesale Club; Boston Market; DSW; Forever 21; Office Max and Sports Authority -- and stealing more than 40 million credit card numbers.

Gonzalez faces up to 25 years in prison for these charges and is expected to be sentenced this month.

Share this article:

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.