US Credit Card Hacker Pleads Guilty

Reputed hacker Albert Gonzalez, the Miami man tied by investigators to several major data breaches, has agreed to plead guilty to a variety of charges, according to reports.

Under the plea agreement, Gonzalez, 28, will face a maximum of 25 years in prison. According to authorities, he is at the center of a ring of cyber-thieves who swiped credit and debit card information from companies ranging from Heartland to Barnes & Noble.

The deal reportedly covers charges in New York and Massachusetts. Additional charges are still pending in New Jersey.

Gonzalez and 10 other people from five countries were charged in 2008 with stealing 41 million credit and debit card numbers from several retailers, including Barnes & Noble, Boston Market, OfficeMax and TJX Companies. Roughly two weeks ago, he was indicted again—this time in federal district court in New Jersey—for hacking into Heartland Payment System, 7-Eleven and Hannaford Bros. and making off with more than 130 million card numbers.

The indictment filed against Gonzalez in New Jersey painted the picture of a sophisticated cyber-crime ring. Gonzalez and his cohorts breached the corporations’ security with SQL injection attacks and then planted malware on the companies’ systems to intercept card data.

When they announced the indictment in New Jersey, U.S. Department of Justice officials said the success of the investigation was in part due to the companies taking a proactive approach to working with law enforcement.

“This investigation marks the continued success of law enforcement in tracking down cutting edge hacking schemes committed by hackers working together across the globe,” said Ralph J. Marra Jr., acting U.S. Attorney, in a statement.