The hacker who enabled the theft of millions of credit card numbers from Heartland Payment Systems Inc. (NYSE: HPY), TJX Companies Inc. (NYSE: TJX) and others has pleaded guilty to two counts of conspiracy and will receive a prison term of at least 17 years.
Albert Gonzalez, the hacker, has already pleaded guilty in two other cases related to the theft. As part of his plea agreement in those cases, in Boston and New York, he agreed to ask for no less than 15 years in prison and the government agreed to ask for no more than 25 years.
Gonzalez is among the hackers charged with using SQL injection attacks to steal credit and debit card information from, among others, credit card payment processing company Heartland Payment Systems
, 7-Eleven Inc. and Hannaford Bros Co., a Maine supermarket chain. He was charged with selling millions of credit and debit card numbers from TJX, BJ’s Wholesale Club Inc. (NYSE: BJ), OfficeMax Inc. (NYSE: OMX), Boston Market Corp., Barnes & Noble Inc. (NYSE: BKS) and Sports Authority, the U.S. Department of Justice said.
In the most recent case in New Jersey, Gonzalez said he won’t seek a prison term under 17 years. In addition, the term will run concurrently with the sentences of the previous cases. Sentencing for all three cases will be handed down in March.
The DoJ says that the case is one of the largest data breaches ever investigated and prosecuted in the United States. The plea agreement says that Gonzalez leased servers to other hackers who used the servers to store malicious software and launch attacks against corporate victims.
Visa and MasterCard lost a combined $150 million as a result of that breach.
Gonzales was arrested in Miami in 2008.