Appearing in federal court in Boston, Gonzalez, a former Secret Service informant, pleaded guilty to two counts of conspiracy to gain unauthorized access to computers, and to commit wire [image-nocss] fraud. In a plea deal, prosecutors have agreed to seek a sentence of no more than 25 years, and Gonzalez has agreed to ask the court for no less than 17 years in prison.
U.S. District Judge Douglas P. Woodlock set the sentencing date for March 19.
Gonzalez, 28, is already facing a likely 15 to 25 years in two earlier federal cases involving intrusions into Dave & Buster's restaurants and the retail company TJX. Gonzalez is set to be sentenced in these cases on March 18. Prosecutors have asked for his sentences in the three cases to run concurrently.
The newest plea comes one week after a former Morgan Stanley programmer was sentenced to two years in prison for providing Gonzalez with a sniffing program that was used to siphon card data from the TJX network, according to the report.
Two weeks ago, one of Gonzalez's attorneys filed a psychiatric evaluation with the court pleading for the minimum sentence for him and suggesting that Gonzalez might suffer from Asperger's Disorder, and therefore may not have had the "capacity to knowingly evaluate the wrongfulness of his actions."
Gonzalez, known by the online nicks "segvec" and "Cumbajohnny," was charged in August in New Jersey, along with two unnamed Russian conspirators, with hacking into Heartland Payment Systems, a New Jersey-based card processing company, as well as Hannaford Brothers, 7-Eleven and two unnamed "major" national retailers identified only as Company A and Company B, the report says. Earlier this month, the case was transferred from New Jersey to Massachusetts.
The New Jersey indictment charges Gonzalez and cohorts with stealing information on more than 130 million cards from the five companies. But Assistant U.S. Attorney Erez Liebermann of the Justice Department's New Jersey district office has said that the "vast majority" of the 130 million cards were stolen in the breach of Heartland Payment Systems, according to the report.
Shortly after Tuesday's hearing, Reuters news agency published a report saying that Target has admitted that it was one of Gonzalez's previously unidentified victims. Target told Reuters that it had been hacked about two years ago.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.