Hacker pleads guilty to huge theft of card numbers

BOSTON -- A computer hacker who was once a federal informant and was a driving force behind one of the largest cases of identity theft in U.S. history pleaded guilty Friday in a deal with prosecutors that will send him to prison for up to 25 years.

Albert Gonzalez, 28, of Miami, admitted pulling off some of the most prominent hacking jobs of the decade — invading the computer systems of such retailers as TJX, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. Federal authorities say tens of millions of credit and debit card numbers were stolen.

Gonzalez entered guilty pleas in U.S. District Court in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft. He also pleaded guilty to a New York indictment charging one count of conspiracy to commit wire fraud for hacks into the Dave & Buster's restaurant chain.

Under his plea agreements, Gonzalez faces 15 to 25 years in prison in the Massachusetts case and up to 20 years in the New York case. The sentences would run concurrently. If he had been convicted of all the charges and sentenced to the maximum, he could have received a sentence of several hundred years.

Sentencing is scheduled for Dec. 8.

Authorities said Gonzalez was the ringleader of a group that targeted large retailers.

Gonzalez's Miami attorney, Rene Palomino Jr., said Gonzalez is "extremely remorseful."

"He just feels really bad, mainly because of the damage he's caused, but also because of what his family has had to endure," Palomino said. "He just wants to go ahead and do the right thing and take responsibility for his actions. One day, he will go and lead a productive life like any other citizen."

Michael Loucks, acting U.S. Attorney for Massachusetts, said the investigation and prosecution of identity theft is a top priority of the Justice Department.

"In the past 10 years, there has been a dramatic growth in the transfer and storage of credit and debit card data on computer networks, Loucks said in a statement. "It is ... important that we work hard to investigate and prosecute the theft of personal identity data that citizens entrust to computer networks every day."