
TJ Maxx hacker Albert Gonzalez sentenced to 20 years for his part in the compromise of almost 100 million credit and debit cards


Albert Gonzalez has been sentenced to 20 years in prison for his part in the hacking of more than 90 million credit and debit card numbers from TJ Maxx and other retailers.

Gonzalez, who was arrested last summer and confessed to helping lead a ring that broke into the retailers, said that he buried $1 million cash in the garden of his parents' home and that his crimes got out of control ‘because of my inability to stop my pursuit of curiosity and addiction’, according to Reuters.

Gonzalez's prison term could be extended today as another judge will sentence him on charges of stealing tens of millions more payment card numbers from companies including payment card processor Heartland Payment Systems, 7-Eleven and the Hannaford chain of New England grocery stores.

Mark Rasch, former head of the computer crimes unit at the US Department of Justice, said that it was the harshest sentence ever handed down for a computer crime in an American court.

Assistant US attorney Stephen Heymann said that Gonzalez and his co-conspirators had caused some $200 million in damages to those businesses, and that it was not possible to quantify how much money was stolen from individuals.

Heymann said: “He shook a portion of our financial system. What matters most is that teenagers and young adults not look up to Albert Gonzalez. They need to know that they will be caught. That they will be punished and that the punishment will be severe.”

Under his plea agreement, Gonzalez had faced up to 25 years in prison, but asked the judge for leniency in sentencing, saying he had been addicted to computers since childhood, had abused alcohol and illegal drugs for years and suffered from symptoms of Asperger's disorder.

Amichai Shulman, CTO of Imperva, said: “The lesson to draw from today's sentencing is simple: enterprises are fighting today's cyber war with yesterday's technology. Hackers continue to put up a persistent and very real threat to enterprise systems. The current data security spend is focused on enterprise networks, yet the Gonzalez attacks took distinct advantage of weaknesses in the database and applications. And this is an industry-wide problem.

“Today's sentencing will hopefully act as a deterrent to cyber crime in the US. However, the threat to enterprises from hackers like Gonzalez remains persistent.”

Graham Cluley, senior technology consultant at Sophos, said: “Twenty years is a breathtaking sentence for anyone to receive but it is particularly unusual for a computer crime.

“What's fascinating about this story is that Gonzalez was actually working for the US Secret Service when they became aware of his involvement in the 2007 hack. Clearly security measures need to be strengthened to avoid this ‘double agent’ effect happening again.”

Update - Gonzalez was given a sentence of 20 years and one day for his part in the hacking of Heartland Payment Systems, 7-Eleven, and other companies. The sentence will run concurrently with his previous sentence.

For more information on data breaches, and how to avoid them, listen to the SC webcast with Larry Ponemon, chairman and founder of the Ponemon Institute on Tuesday 30th March.
