Data theft record: 130 million card accounts stolen by Albert Gonzales
Security magazines and news sites have been raving about the case of Albert Gonzales. This man holds a record no one is really proud of: he has been charged with the largest number of stolen credit and debit cards accounts, about 130 million of them.
The story of Gonzales is rather complicated. After being indicted in May in the TJX breach – the one thought to be the largest in history until recently, it is said Gonzales has worked with the authorities to help them find all those involved in breaches he had taken part in. While his defense lawyer was looking forward to a settlement, new charges have surfaced. The federal authorities have charged him for attacks that breached credit card processor Heartland Payment Systems, retailers 7-Eleven and Hannaford Brothers, and a couple of other companies.
Gonzales seems to be behind all the largest data heists of the past few years:
- 130 million credit and debit card accounts taken from Heartland Payment Systems’ servers
- at least 94 million credit and debit card accounts stolen from TJX
- 4.2 million accounts were stolen from Hannaford’s servers
According to DarkReading, all the attacks Gonzales was involved in used familiar, easy to prevent methods to obtain the information they wanted:
While the attacks appear to be phased-in and coordinated, the attackers didn’t employ any hacks that the victim organizations could not have defended against, experts say. SQL injection, for instance, is the most commonly exploited flaw in Web attacks, according to data from the Web Hacking Incident Database.
Fortunately, Gonzales is being held responsible for the breaches. Let’s just hope no one gets their minds on setting a new record! Apparently, it’s easy to achieve.
August 30th, 2009 at 10:20 am
[...] “I am legend” of the hacking and data theft world, Albert Gonzales, decided to plead guilty and now faces 15 to 25 years in jail. Gonzales is accused of masterminding [...]