Hacker accused of massive ID theft

• Article
• Comments ()
• Click-2-Listen
• Videos

By Ben Conery and William Ehart

An informant who once helped federal investigators hunt computer hackers is now accused of turning on the government to help perpetrate the worst credit card scam in the nation's history, leaving vulnerable the identities of millions of Americans.

Albert Gonzalez, 28, of Miami, was charged Monday with conspiracy to commit wire fraud. Authorities say he hacked into the computer networks of major American retail and financial outlets, stealing data relating to more than 130 million credit and debit cards, about one-tenth of the U.S. total, authorities said.

Authorities said Mr. Gonzalez, whose online nicknames included "soupnazi," worked with two men in Russia and targeted the 7-Eleven convenience store chain; Heartland Payment Systems, a New Jersey-based company that is one of the world's largest credit and debit card payment-processing companies; and Hannaford Brothers, a supermarket chain in the Northeast. The indictment says the scheme also targeted two other companies, which it did not name.

"Upon stealing the credit and debit card data, Gonzalez and the co-conspirators would seek to sell the data to others who would use it to make fraudulent purchases, make unauthorized withdrawals from banks and further identity theft schemes," the Justice Department said in a statement.

Mr. Gonzalez has been jailed for more than a year, but the information and card numbers he is accused of selling would presumably still be in the hands of the buyers.

It is unknown exactly what impact this will have on individual consumers, but one expert - who estimates there are about 1 billion credit cards and 250 million debit cards issued in the U.S. - sees it as an ominous sign.

"I guarantee you two things, that any company who does not take a look at this scenario and see the writing on the wall will in the near future find out the hard way," said Jay Foley, executive director of the Identity Theft Resource Center, which is in San Diego. "And two, this is just the start of it, folks; it's going to get a lot worse."

He noted that Heartland and the entire debit card industry are much looser in their security procedures than the big banks and credit card issuers.

The largest companies "use robust programs for detecting anomalies in your spending habits, whereas the smaller companies and the little private companies don't necessarily use that kind of support. And to make things worse, the debit card industry doesn't use it at all," he said.

For the companies involved, the impact can clearly be found on their bottom lines. In May, Heartland Payment Services, which handles millions of transactions daily, disclosed that the then-unattributed security breach in which Mr. Gonzalez was charged Monday had cost it nearly $32 million already, an amount that included legal fees and fines from credit card companies.