The hacker who enabled the theft of millions of credit card numbers has pleaded guilty to two counts of conspiracy and will receive a prison term of at least 17 years.
Albert Gonzalez, the hacker, has already pleaded guilty in two other cases related to the theft. As part of his plea agreement in those cases, in Boston and New York, he agreed to ask for no less than 15 years in prison and the government agreed to ask for no more than 25 years.
In the most recent case in New Jersey, Gonzalez said he won’t seek a prison term under 17 years. In addition, the term will run concurrently with the sentences of the previous cases. Sentencing for all three cases will be handed down in March.
The Department of Justice says that the case is one of the largest data breaches ever investigated and prosecuted in the United States. The plea agreement says that Gonzalez leased servers to other hackers who used the servers to store malicious software and launch attacks against corporate victims.
Gonzalez is among the hackers charged with using SQL injection attacks to steal credit and debit card information from, among others, credit card payment processing company Heartland Payment Systems, 7-Eleven and Hannaford Brothers, a Maine supermarket chain. He was charged with selling millions of credit and debit card numbers from TJX, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority, the DOJ said.