" />

The Moderate Voice

An Internet hub with domestic and international news, analysis, original reporting, and popular features from the left, center, indies, centrists, moderates, and right


You are here: Home / Science & Technology / Fed Indictment For Biggest Data Breach Ever: 130 Million Bank Cards

Fed Indictment For Biggest Data Breach Ever: 130 Million Bank Cards

by 2 Comments

The DOJ announced an indictment today in what looks to be the biggest credit card data breach of all time. Ars Technica:

Indeed, before today, the former high score was represented by the scarlet letter on TJX’s forehead, parent company of retailer T.J. Maxx. That data breach involved “at least” 45.7 million credit and debit card numbers that occurred between mid-2005 and early 2007, as well as various points in 2003 and 2004. The theft of such a massive amount of data occurred, unsurprisingly, due to glaring security holes in the computer systems that process and store payment information.

[28-year-old Albert] Gonzales’ success came for similarly stupid reasons. Heartland Payment Systems, one of the companies victimized, revealed earlier this year that it may have leaked up to 100 million credit and debit accounts onto the black market due to malware in its system. It turns out that one of the systems in the payment processing chain had been infected with an unidentified bit of malware designed to track and report the magnetic information stored on the back of a credit card as that data was sent through the system. Though Heartland said that no personally identifiable information was transmitted, that magnetic data could easily be transferred to a new physical card.

Gonzales is facing up to 20 years in prison, and isn’t likely to win over any sympathy points on this one, either. As it turns out, he is already in federal custody thanks to a previous incident wherein he supposedly hacked the network for a major restaurant chain in May of 2008. Additionally, in August of 2008, Gonzales was indicted for a series of other retail hacks that affected eight major retailers and the theft of 40 million more credit card numbers. “The charges announced today relate to a different pattern of hacking activity that targeted different corporate victims and involved different co-conspirators,” explained the DoJ. Given Gonzales’ history, it seems that 130 million credit and debit cards may just be the tip of the iceberg.

Some of the account numbers were sold online, some were used to make purchases and some for withdrawals from banks. Here’s the indictment filed in New Jersey (via NYTimes). Wired has more on Gonzales.

Via Clusterstock, “The good news is that most of these credit cards are probably maxed out already.”