By BRAD STONE August 18, 2009
SAN FRANCISCO - The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit card numbers in history was charged on Monday with an even larger set of digital break-ins.
In an indictment, the Justice Department said that Albert Gonzalez,28, of Miami and two unnamed Russian conspirators made off with more than 130 million credit and debit card numbers from late 2006 to early 2008.
Prosecutors called it the largest case of computer crime and identity theft ever prosecuted. According to the government, the culprits infiltrated the computer networks of Heartland Payment Systems, a payment processor in Princeton, N.J.; 7-Eleven Inc.; Hannaford Brothers, a regional supermarket chain; and two unnamed national retailers.
An unspecified portion of the stolen credit and debit card numbers were then sold online, and some were used to make unauthorized purchases and withdrawals from banks, according to the indictment, which was filed in United States District Court in Newark.
Although some states require card issuers to notify customers about security breaches, it is unclear whether all individuals whose card numbers were stolen in this case have been notified and offered new account numbers.
Mr. Gonzalez has been in custody since May 2008, when he was arrested in connection with another prominent data theft at the Dave & Buster's restaurant chain. He has also been indicted in other thefts of credit and debt cards, including the 2005 data breach at T. J. Maxx stores, a division of TJX, based in Framingham, Mass.
Mr. Gonzalez is awaiting a trial in New York in the Dave & Buster's attack and, separately, another in Massachusetts in the TJX breach. Trials on the charges announced on Monday will have to wait until those cases are completed, federal prosecutors said.