Record haul lands Heartland hacker in the soup
A hacker who allegedly stole the credit details of 130 million people faces up to 25 years in prison on wire fraud and conspiracy charges
A 28-year-old Miami man has been charged with stealing 130 million credit card numbers, mostly from large retail companies, in the largest such heist ever recorded.
Albert Gonzalez, who goes by the hacking moniker ‘soupnazi’, allegedly worked with two unidentified Russian accomplices to steal credit card details from companies including 7-Eleven, supermarket chain Hannaford, Heartland (a US payment processing firm), and a further two unnamed companies. The gang would use information gathered from checkout machines to hack into corporate computer systems before uploading stolen data to servers in the US, Ukraine, Latvia and the Netherlands.
Gonzalez, who has previously hunted hackers for the US Secret Service, was also accused of stealing customer data from US retail chain TK Max in 2006. He is currently in jail in New York for allegedly stealing the credit card details of 40 million people.
Endpoint security firm Lumension noted that, unusually for such cases, one of the major victims of the latest haul, Heartland, was declared PCI compliant by a Qualified Security Assessor (QSA) shortly before the breaches occurred. Despite being compliant, the payment systems firm faces an estimated £32 million bill for recovery efforts.
Lumension’s senior vice president Andrew Clarke said that while the QSA would be contractually insulated from liability, “the question now is not whether the QSA is negligent in leaving Heartland exposed or if Heartland was negligent in its security practices. The issue is that Heartland is paying the price for the breach. There is simply too much at stake to assume a compliance audit equates with full operational endpoint security,” he added.





