Heartland Hacker to be Sentenced in MarchNearly one year after the announcement of the biggest known data breach ever reported, the international hacker behind the crime pled guilty and will be sentenced in March.
Albert Gonzalez, 28, of Miami, pleaded guilty to conspiring to hack into the Heartland Payment Systems computer network. The hack is estimated to have impacted 130 million credit and debit cards.
Gonzalez, also known as "segvec," "soupnazi" and "j4guar17," admits guilt to two counts of conspiracy to gain unauthorized access to the payment card networks operated by Heartland Payment Systems. He also pled guilty to hacking networks of 7-Eleven, a Texas-based nationwide convenience store chain, and Hannaford Brothers Co. Inc., a Maine-based supermarket chain.
Information revealed in the plea agreement shows Gonzalez controlled several servers, or "hacking platforms," and gave access to these servers to other hackers, knowing that they would use them to store malicious software, or "malware," and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by Gonzalez. Gonzalez tested malware by running multiple anti-virus programs in an attempt to find out if the programs detected the malware. Gonzalez was indicted in New Jersey in August 2009 for the Heartland breach.
Gonzalez faces up to 25 years in prison for the Heartland breach and the other intrusions. This sentence will come on top of that meted out for 19 charges he pled guilty to in September related to the data breaches of several U.S. retailers, including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority and Dave & Buster's restaurant chain. Gonzalez pled guilty to those breaches in September 2009. Sentencing in the Boston and New York cases is set for March 18; the New Jersey case sentencing is set for March 19.