QUICK LINKS: Vending Videos  | Micromarkets  |

VT Classifieds

|

Buy a Classified Ad

|

Editorial Calendars

|

Circulation Data

|

Downloads

|

Bookstore

|

Operators Date Book

Search:    

Bookmark this site




Issue Date: Vol. 49, No.8, August 2009, Posted On: 8/18/2009


Feds Indict Key Suspect In Heartland Card Payment Security Breach


by Staff Reporter
Feds Indict Key Suspect In Heartland Card Payment Security Breach
Heartland Payment Systems, Albert Gonzalez, cyber crime, credit card number theft, Card payment security breach, vending, vending news, automatic retailing, wire transfer fraud, cybercrimals, cyber criminals, coin-op news, Dave & Buster's

NEWARK, NJ -- Federal prosecutors have indicted Albert Gonzalez, 28, on charges that he and two accomplices were responsible for theft of credit and debit card data from five major companies, including Heartland Payment Systems (Princeton, NJ), between October 2006 and May 2008.

The indictment in the United States District Court here includes two unnamed Russians who allegedly conspired with Gonzalez to conduct the exploit.

Other victims identified in the indictment include 7-Eleven Inc. (Dallas); Hannaford Bros. (Portland, ME), a regional supermarket chain; and two more retailers that were not identified.

Gonzalez has been held in Brooklyn, NY, since May 2008 accused of endeavoring to compromise the network of Dave & Buster's (Dallas), a national restaurant and amusement chain. He also faces charges in Boston relating to a 2005 theft of data from T.J. Maxx stores.

The recent indictment accuses Gonzalez and the two Russians of stealing information for more than 130 million cards during the 20-month period. If convicted, they face sentences of up to 35 years.

Gonzalez has been known to law enforcement agencies since 2003, when he was arrested in New Jersey. He then cooperated with investigators to identify his confederates in the widespread but shadowy world of commerce in stolen identities. The latest indictment states that he later reconnected with that world and went back to planning lucrative security breaches.

Investigators explained that Gonzalez and his cohorts made use of a weakness in SQL (Structured Query Language) that allows hackers to "inject" new instructions into cardholder databases, then run a malicious program that relays transaction data to the culprits' computers when a victim uses his or her card. The three are accused of employing computers in Ukraine, Latvia, The Netherlands and the U.S. to receive the stolen information. Among other things, successful pilfering of card data apparently permitted the perpetrators to withdraw large sums of money from automated teller machines.

According to a story in The Wall Street Journal, the indictment didn't estimate the losses associated with the alleged activities, nor did it explain how the suspected cybercrimals might have profited from the stolen numbers. The paper reported that hackers typically sell batches of credit-card data online. According to the Journal's investigation, the current asking price in online forums is $10 to more than $100 per account profile, depending on the account's limit.

Wire fraud has exploded in recent years because wire transfers now use networks that connect to the Internet. The Treasure Department estimated that more than 55,000 incidents of wire fraud have occurred since 1998, and more than half of them transpired in the past two years.


Topic: Vending Features

Articles:
  • U-Vend Named Exclusive Self-Serve Merchandiser Of Arthur's Smoothies In Canada
  • Automated Merchandising Systems Changes Ownership; Roger Tovar Becomes CEO
  • Coke Buys Stake In Monster Beverage For $2.15B
  • San Diego Prohibits E-Cigarette Sales Through Vending Machines
  • California Lawmakers Kill Proposed Ban On E-Cigarette Vending Machines

Copyright © 2014 Vending Times Inc. All rights reserved. 
P: (516) 442-1850 | F: (516) 442-1849 | subscriptions@vendingtimes.net
55 Maple Ave. - Ste. 304, Rockville Centre, NY 11570