Hacker Albert Gonzalez is sentenced to 20 years in prison for his role in hacking TJX, Barnes & Noble, OfficeMax and other retailers. He faces the possibility of more time behind bars when he is sentenced for his role in hacking a slew of other companies, including Heartland Payment Systems.
mastermind behind some of the most high-profile data breaches in recent history
was sentenced on March 25 to 20 years in prison.
Gonzalez, 28, pleaded guilty in 2009 to charges in Massachusetts,
New York and New
Jersey and faced as many as 25 years behind bars for hacking
several major retailers,
including BJ's Wholesale Club, TJX
Companies and OfficeMax. Gonzalez still faces sentencing tomorrow for involvement
in a slew of other breaches, including the compromise of millions of credit
cards in the Heartland
Payment Systems breach.
sentence is the longest ever imposed in a hacking or identity theft case.
Gonzalez's lawyer reportedly argued
stating that Gonzalez exhibited behavior consistent with
Asperger's Syndrome. Prosecutors meanwhile sought a 25-year sentence on the
grounds that Gonzalez's crew "shook
a portion of our financial system
" and a stiff sentence would
serve as a deterrent.
Gonzalez cases helped invigorate discussions
about compliance with PCI DSS
(the Payment Card Industry Data Security Standard)
and the fact that annual compliance audits are only snapshots in time, not the
be-all and end-all of security.
remains the most successful cyber-security mandate today, but as we all know,
achieving compliance doesn't always mean achieving security," said Amichai
Shulman, CTO of Imperva. "The Gonzalez
attacks are a case in point. Companies should look to the PCI council to help
them better define and implement policies and technologies that protect
sensitive data, and should always strive to improve and enhance their data
security practices to meet or exceed industry standards."
Maloof, CTO of TriGeo Network Security, was
optimistic the sentence would send a clear message to cyber-criminals.
you use a computer to steal or provide tools that encourage others to steal,
you will go to jail-hopefully, for a very, very long time," Maloof said.