TJX & Heartland Payment Systems- Data Thief receives Two 20 year Prison terms

Theft of over 130 million debit and credit cards delivered two 20 year prison sentences to Albert Gonzalez, 28, of Miami Florida last month. Gonzalez also had two Russian hacker counterparts in these attacks. As a result of their prosecution, they represent the largest hacking and identity theft ring ever prosecuted in the U.S.

DETAILS
A federal judge sentenced Albert Gonzalez to 20 years and one day in prison for being the master-mind behind the data security breaches into Heartland Payment Systems Inc. and other companies.

He was also sentenced to another 20 years in prison for his role in the theft and sale of millions of credit and debit cards from TJX Companies Inc., Barnes and Noble, 7-Eleven Inc., Hannaford Brothers and other retailers. Not to forget the more than 250 financial institutions that were affected as well. Both sentences are to be served concurrently.

How did they steal the data?? Well according to the indictment, they researched the credit and debit card systems. Then they used SQL injection attacks to bypass network firewalls to steal the data. They hid their activities by testing their malware against antivirus products prior to the attacks.

In the end, Gonzalez will spend many years in prison for the theft and sale of millions of debit and credit cards. He will also be required to serve three years of supervised release following his prison term. As far as fines - he was ordered to pay a $25,000 fine in both cases. A total of $50,000 dollars.

This fine by no means is large enough, in my opinion, given the shockwaves that still rumbles in the retail and financial sectors due to their crimes. As a result, PCI compliance and other safeguards have emerged to thwart these types of attacks in the future.

"These sentences -- some of the longest ever imposed for hacking crimes -- send a powerful message to hackers around the globe that U.S. law enforcement will not allow them to breach American computer networks and payment systems, or illegally obtain identities," said Assistant Attorney General Lanny A. Breuer.