Threat Management, Threat Management, Vulnerability Management

TJX hacker to plead guilty to Heartland breach

After admitting to the TJX hacks three months ago, Albert Gonzalez has now agreed to plead guilty to charges he broke into the network of Heartland Payment Systems and several other companies to steal more than 130 million credit and debit card numbers.

The plea agreement was filed Tuesday in U.S. District Court in New Jersey. Gonzalez, 28, of Miami admitted to hacking into Heartland, 7-Eleven, and Hannaford Bros. supermarket chain. In August, he was charged with conspiracy and conspiracy to engage in wire fraud for his role in the Heartland intrusion. He and two unnamed co-conspirators, residing in or near Russia, were accused of using SQL injection attacks to evade the victims' firewall to gain access to the network.

Gonzalez faces up to 20 years in prison if he is convicted on the wire-fraud conspiracy charge. The conspiracy charge carries a five-year sentence, and fines of $250,000 for each charge.

In conjunction with Tuesday's plea, a federal judge agreed to transfer the case to federal court in Massachusetts, where Gonzalez is awaiting sentencing for his role in a number of other hacks, which he pleaded guilty to in September.

He remains in federal custody on the separate charges of infiltrating several major retail chains, including TJX, which owns T.J. Maxx; Barnes & Noble; BJ's Wholesale Club; Boston Market; DSW; Forever 21; Office Max and Sports Authority -- and stealing more than 40 million credit card numbers.

Gonzalez faces up to 25 years in prison for these charges and is expected to be sentenced this month.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.