Feds Bust Largest-Ever Identity Theft Scheme

Scam hit some of the country's largest companies

Check your bank statements.

Federal officials have just broken up what is believed to be the largest hacking and identity theft case in U.S. history, affecting more than 130 million credit and debit card numbers, prosecutors said today.

A federal indictment filed out of Newark accuses three people of operating the massive scheme between October 2006 and May 2008.

Over 130 million credit card and debit card numbers and their corresponding account information were stolen from Heartland Payment Systems, Inc., based in Princeton, N.J., 7-Eleven, Inc., and Hannaford Brothers Co., the indictment said. Two other unidentified corporations were also hacked, prosecutors said.

According to its website, Heartland Payment Systems is one of the nation's largest payment processors, serving some 250,000  merchants. Hannaford Brothers is a supermarket chain operating in the Northeast, with stores in New York, Pennsylvania, Maine, Massachusetts, New Hampshire and Vermont.

Prosecutors said the scheme was run by 28-year-old Albert Gonzalez of Miami who acted with two unnamed co-conspirators from Russia.

Read the indictment

After stealing the credit and debit card data, the three would try and sell the information to others to make fraudulent purchases and unauthorized withdrawals of cash, prosecutors aid.

The scheme is believed to constitute the largest hacking and identity theft case ever prosecuted by the Justice Department.

Though it took nearly two years to stop the breach, the Justice Department called the investigation a success and it thanked the corporate victims for their cooperation.

“When companies make the decision to work with law enforcement and disclose a data breach at the earliest possible opportunity, it provides the best chance at apprehending a hacker and demonstrates that those corporate victims will actively defend their systems," Acting U.S. Attorney Ralph J. Marra said.

The three accused hackers picked their corporate victims by scanning the list of Fortune 500 companies and visiting retail stores to figure out what kind of payment systems were being used, the indictment said.

The three set up hacking platforms that uncovered where their victims' computer systems stored the financial information, and once that data was discovered, it as stolen from the corporate servers and placed onto servers controlled by Gonzalez and the co conspirators in New Jersey and around the world, the indictment said. 

As they copied the vital information, the three accused hackers stayed in touch via instant message, the Justice Department said.

In addition to searching for credit and debit card data on the victims’ computer systems, the indictment also alleges that Gonzalez and the co-conspirators installed “sniffers” which conducted would intercept credit and debit card data as it was being processed.

Gonzalez has been charged with two counts of conspiracy and is currently being held in the Metropolitan Detention Center in Brooklyn.  He has a colorful history as a hacker, court documents allege.  He was indicted in 2008 for a different scheme to steal financial information from huge companies including OfficeMax, Barnes and Noble and DSW.  In 2003 he was arrested in New Jersey on charges of debit card fraud.

Contact Us