Skip to main content

Indicted suspect allegedly breaks record for credit-card data theft

  • Story Highlights
  • Albert Gonzalez, 28, of Miami, Florida, is in a Brooklyn jail awaiting trial
  • Acting U.S. Attorney Ralph Marra in Newark: Servers used for "hacking attacks"
  • Gonzalez charged with co-conspirators "Hacker 1 and Hacker 2" of Russia
By Terry Frieden and Jason Kessler
Decrease font Decrease font
Enlarge font Enlarge font

(CNN) -- A Florida man already jailed on charges of hacking into major retail computer networks has been indicted a third time for allegedly stealing data on a record number of credit and debit cards.

The record broken with this latest alleged attack was previously set by the same suspect, law enforcement officials said.

The U.S. Justice Department said Albert Gonzalez, 28, of Miami, Florida, was indicted by a federal grand jury in New Jersey. He is accused of stealing data involving more than 130 million credit cards used by customers of five retailers including the 7-Eleven chain.

Justice Department officials familiar with the case said they have no estimate of possible financial losses that could be linked to the credit-card data theft, and declined to characterize or speculate on potential losses.

Federal prosecutors in New Jersey apparently will have to wait to try Gonzalez.

Gonzalez is in jail in Brooklyn, New York, awaiting trial there in September for his alleged role in hacking into computers of the Dave and Buster's restaurant chain.

He also has been indicted in Boston, Massachusetts, along with several co-conspirators, on charges they hacked into the databases of at least eight major retailers. He also is accused of stealing data related to 40 million credit cards. Then-Attorney General Michael Mukasey said in that indictment announced a year ago that the computer crime involved what was then a record number of credit cards. Gonzalez is scheduled to go on trial on those hacking charges in 2010.

Corporate victims in the Massachusetts case included T.J. Maxx, Marshalls, BJ's Wholesale Club, OfficeMax, Barnes & Noble and Sports Authority, officials said.

In the New Jersey case, the indictment charges that Gonzalez, operating under a series of computer aliases including "soupnazi," managed to exploit computer networks beginning in 2006 by circumventing fire walls to steal the credit card information.

Prosecutors said Gonzalez is charged along with two co-conspirators identified only as "Hacker 1 and Hacker 2, both of Russia." They allegedly moved the data to computer servers operating in California and Illinois, and overseas in Latvia, the Netherlands and Ukraine.

Acting U.S. Attorney Ralph Marra in Newark said, "The servers were used to store information critical to the hacking schemes and to subsequently launch the hacking attacks."


"The charges announced today relate to a different pattern of hacking activity that targeted different corporate victims and involved different co-conspirators," the Justice Department said Monday in Washington.

If convicted on the New Jersey indictment, Gonzalez could face up to 20 years on wire fraud conspiracy and five years for a separate conspiracy count. He could also be fined up to $500,000.

All About U.S. Department of JusticeIdentity Theft

  • E-mail
  • Save
  • Print