It’s certainly no secret that Albert Gonzalez is a bad guy. If you’ve followed his rather unsavory career, you know that back in September he plead guilty to major breaches of TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority and Dave & Buster’s. According to court documents those breaches amounted to 170 Million credit cards. It’s believed that some of those long-lasting breaches occurred during the time he was an informant for the FBI.
Yesterday, on December 29, he plead guilty to breaches of transaction data from Heartland Payment Systems, Hannaford Brothers supermarket chain, 7-Eleven and “two unidentified companies.” That’s another 130 Million cards. The unidentified companies have been known about at least since the September guilty plea but have somehow managed to remain unidentified, thus avoiding a bit of bad publicity and state notification laws that didn’t seem to do much damage to the other companies.
Yesterday, one of the unidentified companies came out of the closet. Think concentric red and white circles; think Target. Of course Target is saying that Gonzalez and his cronies got relatively few numbers, if any. Personally, I doubt that. If they were able to suck data from Heartland for at least six months, they wouldn’t have much trouble with Target.
To put the Gonzalez capers in perspective, the population of the U.S. is in the neighborhood of 307.7 million. If we believe the news reports and the court documents, the breaches masterminded by Gonzalez got him 170 million card numbers That’s over 55% of the U.S. population.
The good news is that only a small portion of those cards has been used against merchants. The bad news is that only a small portion of those cards has been used against merchants. They are all still out there floating around the Internet at cheap prices. All 300 Million of them.
There’s two very major issues here that E-commerce merchants need to think about. I’ll discuss them in my next post so be sure to subscribe to the feed or follow on Twitter.
I’d like to know what you think. Click on the comment link below and tell me what you think are the implications to e-Commerce.
Similar Posts:
- Anther data breach victim Part 2
- Albert Gonzales may be in Jail but it ain’t over for a long time.
- Credit Card Data Breach at Heartland Payment Systems
- Top Fraud Incidents of 2008
- CardNet Hides Their Secrets
What makes you think he targeted only US citizens? The internet is a global medium and the techniques Gonzalez used to hack into those systems should be just as effective outside of the US. Want to take a guess at how many cards he REALLY got hold of?
Adrian,
Certainly a good point and we can only know what we’re told. Clearly if any of these entities were doing global sales and their databases were hacked, then it’s more than US cards. But we do know that at least some of the breaches were ongoing at the POS and those would be US only.
I do see breach reports from overseas now and then but I don’t think they have the reporting requirements that we do so a lot of them are under the radar.
Very nice post. 170 million cards is a very scary number. Albert Gonzalez is one of thousands criminal that actually got caught.It makes me wonder how many cards in the world are actually still ‘private” and not stolen.