Anther data breach victim identified

Posted on December 30, 2009 by Tom Mahoney

3826B7F8-2FC1-4C21-87EF-0BA5C7DC2C85.jpgspacer.gif

It’s certainly no secret that Albert Gonzalez is a bad guy. If you’ve followed his rather unsavory career, you know that back in September he plead guilty to major breaches of TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority and Dave & Buster’s. According to court documents those breaches amounted to 170 Million credit cards. It’s believed that some of those long-lasting breaches occurred during the time he was an informant for the FBI.

Yesterday, on December 29, he plead guilty to breaches of transaction data from Heartland Payment Systems, Hannaford Brothers supermarket chain, 7-Eleven and “two unidentified companies.” That’s another 130 Million cards. The unidentified companies have been known about at least since the September guilty plea but have somehow managed to remain unidentified, thus avoiding a bit of bad publicity and state notification laws that didn’t seem to do much damage to the other companies.

Yesterday, one of the unidentified companies came out of the closet. Think concentric red and white circles; think Target. Of course Target is saying that Gonzalez and his cronies got relatively few numbers, if any. Personally, I doubt that. If they were able to suck data from Heartland for at least six months, they wouldn’t have much trouble with Target.

To put the Gonzalez capers in perspective, the population of the U.S. is in the neighborhood of 307.7 million. If we believe the news reports and the court documents, the breaches masterminded by Gonzalez got him 170 million card numbers That’s over 55% of the U.S. population.

The good news is that only a small portion of those cards has been used against merchants. The bad news is that only a small portion of those cards has been used against merchants. They are all still out there floating around the Internet at cheap prices. All 300 Million of them.

There’s two very major issues here that E-commerce merchants need to think about. I’ll discuss them in my next post so be sure to subscribe to the feed or follow on Twitter.

I’d like to know what you think. Click on the comment link below and tell me what you think are the implications to e-Commerce.

Similar Posts:

About Tom Mahoney

Tom Mahoney is the Founder and Director of Merchant911, a site dedicated to helping e-commerce merchants.
This entry was posted in credit card fraud, Data Breach, Heartland Payment Systems and tagged , . Bookmark the permalink.
Post comment as
twitter logo facebook logo
Sort: Newest | Oldest
StrongBox

Very nice post. 170 million cards is a very scary number. Albert Gonzalez is one of thousands criminal that actually got caught.It makes me wonder how many cards in the world are actually still 'private" and not stolen.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Tom

Adrian,

Certainly a good point and we can only know what we're told. Clearly if any of these entities were doing global sales and their databases were hacked, then it's more than US cards. But we do know that at least some of the breaches were ongoing at the POS and those would be US only.

I do see breach reports from overseas now and then but I don't think they have the reporting requirements that we do so a lot of them are under the radar.

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Adrian

What makes you think he targeted only US citizens? The internet is a global medium and the techniques Gonzalez used to hack into those systems should be just as effective outside of the US. Want to take a guess at how many cards he REALLY got hold of?

share
  • spam
  • offensive
  • disagree
  • off topic
 Like