March 26, 2010 -- The hacker behind the largest credit and debit card data breach in U.S. history was sentenced to 20 years in prison Thursday, after he apologized for his lead role in swiping data from more than 130 million accounts, costing companies, banks and insurers nearly $200 million.
Albert Gonzalez, who operated under the hacker alias SoupNazi, pleaded guilty last year to slipping into the computer networks of major retailers such as TJ Maxx, BJ's Wholesale Club, Barnes & Noble, OfficeMax and Boston Market.
To pull off the caper, Gonzalez, 28, would hack into the Heartland Payment systems that handled credit card transactions for major retailers. Then the Miami resident got creative. He would cruise by stores with his laptop and infiltrate wireless Internet signals.
A Trojan Horse program would be planted in the store's network and Gonzalez would later vacuum out credit and debit numbers.
Authorities say Gonzalez operated with two co-conspirators and operated overseas as well. All told, the operation stole more than $200 million. The Secret Service estimated that the potential economic loss could be in the billions. Gonzalez personally amassed $2.8 million.
For his efforts, Gonzalez lived a lavish lifestyle of fancy cars, Rolex watches and a Tiffany ring for his girlfriend. As part of his plea deal, Gonzalez agreed to give up many of the extravagant possessions, along with $2.7 million, according to the Associated Press.
Gonzalez's defense suggested he was a savant genius who was addicted to the Internet.
"He recognizes what he did was wrong," Gonzalez's attorney Martin Weinberg said, according to the AP.
Grant Geyer, vice president of Symantec Managed Security Services, said that no matter how sophisticated cyber protections get, hackers will likely rise to the occasion.
"The criminals are getting smarter and smarter," Geyer said. "You can make the walls higher and higher, but give them enough technology and they will find a way over the wall, around the wall or under the wall."
Expert: How to Protect Credit and Debit Card Data
But there are steps cardholders can take to keep their data safer.
"Well, we don't want to stop shopping online or doing online banking ... we need to be diligent," cyber security expert Dan Clements said.
Make sure accounts aren't being pinged for even $1. If just $1 is missing, it's worth investigating for a scheme.
Reset the PIN every six months.
Cover the PIN when entering it. Because cardholders often punch in the PIN under security cameras, a crooked clerk would only need to rewind the tape, look at the charge and then capture the debit account, Clements said.
"PINs are gold out there," Clements said. "That's modern day bank robbery."
The Associated Press contributed to this report.