Hacker Albert Gonzalez, accused of masterminding the massive data thefts at BJ's Wholesale Club, TJX and several other retailers, has pleaded guilty to 19 charges related to computer hacking and credit card fraud, the U.S. Department of Justice said. Hacker Albert Gonzalez, accused of masterminding the massive data thefts at BJ’s Wholesale Club, TJX and several other retailers, has pleaded guilty to 19 charges related to computer hacking and credit card fraud, the U.S. Department of Justice said.Gonzalez, 28, of Miami, was a member of a group of hackers that stole more than 40 million credit and debit card numbers from TJX, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority, the DOJ said. He pleaded guilty Friday to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft in U.S. District Court for the District of Massachusetts.Gonzalez also pleaded guilty to one count of conspiracy to commit wire fraud relating to hacks into the Dave & Buster’s restaurant chain, which were the subject of a May 2008 indictment in the Eastern District of New York. The pleas in both cases were entered before U.S. District Court Judge Patti Saris in federal court in Boston. In August, Gonzalez was also indicted in New Jersey for the theft of more than 130 million credit and debit cards. He was charged, along with two unnamed co-conspirators, with using SQL injection attacks to steal credit and debit card information. Among the corporate victims named in the two-count indictment were Heartland Payment Systems, a New Jersey card payment processor; 7-Eleven, the Texas-based convenience store chain; and Hannaford Brothers, a Maine-based supermarket chain. In the Boston and New York cases, Gonzalez and his co-conspirators broke into retail credit card payment systems through a series of sophisticated techniques, including “wardriving” and installation of sniffer programs to capture credit and debit card numbers used at retail stores, according to the indictments.Gonzalez and his co-conspirators sold the numbers to others for fraudulent use and engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing tens of thousands of dollars at a time from ATMs, the DOJ said. Gonzalez and his co-conspirators concealed and laundered their fraud proceeds by using anonymous Internet-based currencies both within the U.S. and abroad, and by channeling funds through bank accounts in Eastern Europe, the DOJ said. Based on the terms of the Boston plea agreement, Gonzalez faces a minimum of 15 years and a maximum of 25 years in prison. Based on the New York plea agreement, Gonzalez faces up to 20 years in prison, which the parties have agreed should run concurrently with the Boston sentence. He faces fines of US$250,000 in both cases, but the fines could be increased to twice his gains and twice the victims’ losses in the Boston case.Gonzalez also agreed to pay restitution for the loss suffered by his victims, and to forfeit more than $2.7 million, plus real estate, a 2006 BMW, a Tiffany diamond ring and Rolex watches, the DOJ said. Included in the forfeited currency is more than $1 million in cash, which Gonzalez had buried in a container in his backyard. Sentencing is scheduled for Dec. 8.“Computer hacking and identity theft pose serious risks to our commercial, personal and financial security,” Benton Campbell, U.S. attorney for the Eastern District of New York, said in a statement. “Hackers, including those who commit their crimes from abroad, will find no refuge from the reach of U.S. criminal justice — they will be found, prosecuted and convicted.” Related content news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO CSO and CISO CSO and CISO news Royal family’s website suffers Russia-linked cyberattack Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine. By Michael Hill Oct 02, 2023 2 mins DDoS Cyberattacks feature 10 things you should know about navigating the dark web A lot can be found in the shadows of the internet from sensitive stolen data to attack tools for sale, the dark web is a trove of risks for enterprises. Here are a few things to know and navigate safely. By Rosalyn Page Oct 02, 2023 13 mins Cybercrime Security news ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations By Lucian Constantin Oct 02, 2023 4 mins Hacker Groups Ransomware Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe