A former informant for the Secret Service was one of three men charged today with stealing credit and debit card information from 130 million American accounts in the largest data breach in U.S. history. The former informant, Albert Gonzalez of Florida, was alleged to have been the ringleader of the hacking operation, officials told ABCNews.com
Gonzalez and two other unidentified hackers believed to be from Russia have been charged with hacking into Heartland Payment Systems, 7-11 and Hannaford Brothers Company. Heartland announced the series of intrusions on Inauguration Day earlier this year and reported them to authorities.
Gonzalez has previously been charged in a case involving the restaurant chain Dave & Busters, where almost 5,100 credit card numbers had been taken from their computer systems. Also known as "Segvec", "SoupNazi," and "j4guar17," Gonzalez was previously charged in that case with wire fraud conspiracy along with Maksym Yastremskiy. Yastremskiy, who hails from Kharkov, Ukraine, and several associates were indicted in the U.S., accused of installing sniffing software at the restaurant chain Dave & Busters. The indictment in that case was overseen by the U.S. Attorney's Office in the Eastern District of New York.
Gonzalez, according to Justice Department officials, is believed to be the ring leader of a prolific hacking network that spans over five years of serious criminal activity. In a statement today, Acting U.S. Attorney Ralph J. Marra Jr said, the investigation "marks the continued success of law enforcement in tracking down cutting edge hacking schemes committed by hackers working together across the globe."
Gonzalez was originally arrested in 2003 by the U.S. Secret Service and began working with the agency as an informant. Federal investigators say they later learned that the hacker had been tipping off other hackers on how to evade detection of security and law enforcement worldwide. It was this investigation, authorities say, that led them to learn that Gonzalez was also involved in a data breach of the TJX Corporation, which involved up to 45 million credit card numbers being targeted.
After concluding that Gonzalez had become a rogue informant, officials say they decided to charge him in the TJX case in an indictment out of the U.S. Attorney's Office from Boston. That breach compromised cards processed at the corporation which includes discount stores in the U.S. such as T.J. Maxx, Marshalls and the T.K. Maxx chain in Europe. Gonzalez was charged along with 10 other defendants for also hacking into BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
The new charges returned by a grand jury out of New Jersey allege that Gonzalez provided "sniffer" software used to intercept the credit and debit card numbers for the Russian hackers. The indictment also mentions an unindicted coconspirator only identified as P.T, who is believed to split his time between Virginia Beach and Miami.