TJ Maxx hacker Albert Gonzalez sentenced to 20 years for his part in the compromise of almost 100 million credit and debit cards

Albert Gonzalez has been sentenced to 20 years in prison for his part in the hacking of more than 90 million credit and debit card numbers from TJ Maxx and other retailers.

Gonzalez, who was arrested last summer and confessed to helping lead a ring that broke into the retailers, said that he buried $1 million cash in the garden of his parents' home and that his crimes got out of control ‘because of my inability to stop my pursuit of curiosity and addiction’, according to Reuters.

Gonzalez's prison term could be extended today as another judge will sentence him on charges of stealing tens of millions more payment card numbers from companies including payment card processor Heartland Payment Systems, 7-Eleven and the Hannaford chain of New England grocery stores.

Mark Rasch, former head of the computer crimes unit at the US Department of Justice, said that it was the harshest sentence ever handed down for a computer crime in an American court.

Assistant US attorney Stephen Heymann said that Gonzalez and his co-conspirators had caused some $200 million in damages to those businesses, and that it was not possible to quantify how much money was stolen from individuals.

Heymann said: “He shook a portion of our financial system. What matters most is that teenagers and young adults not look up to Albert Gonzalez. They need to know that they will be caught. That they will be punished and that the punishment will be severe.”

Under his plea agreement, Gonzalez had faced up to 25 years in prison, but asked the judge for leniency in sentencing, saying he had been addicted to computers since childhood, had abused alcohol and illegal drugs for years and suffered from symptoms of Asperger's disorder.

Amichai Shulman, CTO of Imperva, said: “The lesson to draw from today's sentencing is simple: enterprises are fighting today's cyber war with yesterday's technology. Hackers continue to put up a persistent and very real threat to enterprise systems. The current data security spend is focused on enterprise networks, yet the Gonzalez attacks took distinct advantage of weaknesses in the database and applications. And this is an industry-wide problem.

“Today's sentencing will hopefully act as a deterrent to cyber crime in the US. However, the threat to enterprises from hackers like Gonzalez remains persistent.”

Graham Cluley, senior technology consultant at Sophos, said: “Twenty years is a breathtaking sentence for anyone to receive but it is particularly unusual for a computer crime.

“What's fascinating about this story is that Gonzalez was actually working for the US Secret Service when they became aware of his involvement in the 2007 hack. Clearly security measures need to be strengthened to avoid this ‘double agent’ effect happening again.”

Update - Gonzalez was given a sentence of 20 years and one day for his part in the hacking of Heartland Payment Systems, 7-Eleven, and other companies. The sentence will run concurrently with his previous sentence.

For more information on data breaches, and how to avoid them, listen to the SC webcast with Larry Ponemon, chairman and founder of the Ponemon Institute on Tuesday 30th March.
