You are here
WASHINGTON -- Federal prosecutors charged a Miami man in the largest-ever case of debit and credit card data theft in the nation.
Albert Gonzales, 28, and two unnamed Russian conspirators were charged with identity theft by hacking into retail networks, including those owned by convenience store chain 7-Eleven Inc. and the Hannaford Brothers Co. supermarket chain, beginning in October 2006.
Gonzales is charged with attempting to steal data from 130 million accounts, according to a report by The Associated Press.
Gonzales, already in jail awaiting trial in another hacking case, was charged with conspiring with two other unnamed suspects to steal the private information.
7-Eleven became aware in late 2007 that a security breach occurred. The affected transactions were limited to customers’ use of certain ATMs, owned and operated by a third party and located in 7-Eleven stores, over a 12-day period from Oct. 28, 2007, through Nov. 8, 2007.
"Steps were immediately taken to contain the security breach and prevent any recurrence," the retailer said in a statement.
According to 7-Eleven, upon being notified of the breach, the card companies, in accordance with their standard fraud response procedures, alerted the issuing financial institutions regarding the security breach. Each financial institution made its own decision about what actions to take, including the issuance of new cards or putting card numbers on alert for fraud. These measures were taken in late 2007 and early 2008.
"7-Eleven would like to thank the federal authorities for their diligence in pursuing the perpetrators of this crime," the company said, adding it would not provide further details, because the matter is pending.
Prosecutors said Gonzales, who is known online as "soupnazi," also targeted customers of Heartland Payment Systems, a New Jersey-based card payment processor, according to the report.
Gonzales is awaiting trial in New York for allegedly helping hack restaurant chain Dave & Buster's computer network. He faces up to 20 years in prison if convicted of the new charges, the AP reported.
Gonzales allegedly created a way to enter the computer networks, steal the card data and send it to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.
According to the new indictment and The New York Times, Gonzalez and his conspirators reviewed lists of Fortune 500 companies to decide which corporations to target and visited the stores to see which payment systems were used. The online attacks took advantage of flaws in the SQL programming language, which is commonly used for databases.
7-Eleven Launches Campaign to Stop 'Unfair' Credit Card Transaction Fees
Maverik Makes a Quick Fix to Computer Glitch