As reported yesterday in CSP Daily News, federal prosecutors earlier this week charged a Miami man with the largest case of credit and debit card data theft ever in the United States. Authorities said Albert Gonzales, 28, has broken his own record for identity theft by [image-nocss] hacking into more retail networks to steal data from 130 million accounts.
Prosecutors said Gonzales, who is also known online as "soupnazi," targeted customers of 7-Eleven Inc. and supermarket chain Hannaford Brothers Co. Inc. They also targeted Heartland Payment Systems, a card payment processor.
Dallas-based 7-Eleven said that the company became aware in late 2007 that a security breach had occurred. The affected transactions were limited to customers' use of certain ATMs, owned and operated by a third party, located in 7-Eleven stores over a 12-day period from October 28, 2007, through November 8, 2007. Steps were immediately taken to contain the security breach and prevent any recurrence, the chain said.
Upon being notified of the breach, the card companies in accordance with their standard fraud response procedures then alerted the issuing financial institutions regarding the security breach. Each financial institution made its own decision about what appropriate actions to take, including the issuance of new cards or putting card numbers on alert for fraud. These remedial measures were taken in late 2007 and early 2008.
7-Eleven said it "would like to thank the federal authorities for their diligence in pursuing the perpetrators of this crime. Because this matter is pending, we are not providing further details."
Gonzales, who is already in jail awaiting trial in a hacking case, was indicted in New Jersey, charged with conspiring with two other unnamed suspects to steal the private information. He is awaiting trial in New York for allegedly helping hack the computer network of the national restaurant chain Dave & Buster's. Trial in that case is due to begin next month.
He faces up to 20 years in prison if convicted of the new charges.
The Justice Department said the new case represents the largest alleged credit and debit card data breach ever charged in the United States, beginning in October 2006.
Gonzales allegedly devised a sophisticated attack to penetrate the computer networks, steal the card data and send that data to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.
The indictment also charges that Gonzales and his co-conspirators used sophisticated hacker techniques to cover their tracks and avoid detection.
Also last year, the Justice Department announced additional charges against Gonzales and others for hacking retail companies' computers for the theft of approximately 40 million credit cards. At the time, that was believed to be the biggest single case of hacking private computer networks to steal credit-card data.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.