Indictments Arrive for Largest U.S. Credit Card Breach
Charges pile up for Albert Gonzalez and two unnamed alleged co-conspirators who federal prosecutors say helped engineer SQL injection attacks on Heartland Payment Systems, 7-Eleven and the Hannaford Brothers grocery store chain. Gonzalez also faces different charges for allegedly carrying out a security hack against restaurant chain Dave & Buster's.Albert Gonzalez, a 28-year-old resident of Miami, was indicted Aug. 17 for his alleged participation in the largest credit and debit card data breach ever charged in the United States. Federal prosecutors say Gonzalez' corporate victims included Heartland Payment Systems, a New Jersey-based card payment processor; 7-Eleven, a Texas-based nationwide convenience store chain; and Hannaford Brothers, a Maine-based supermarket chain. In a two-count indictment alleging conspiracy and conspiracy to engage in wire fraud, Gonzalez (aka segvec, soupnazi and j4guar17) is charged-along with two unnamed co-conspirators-with launching an SQL injection attack against his victims. SQL attacks seek to exploit computer networks by finding a way around a network's firewall to steal credit and debit card information.
The indictment alleges that beginning in October 2006 Gonzalez and his co-conspirators researched the credit and debit card systems used by their victims and devised a sophisticated attack to penetrate their networks and steal credit and debit card data. Gonzalez then allegedly sent that data to computer servers the group operated in California, Illinois, Latvia, the Netherlands and Ukraine.