You may have already heard about the August 18 indictment of Albert Gonzales and accomplices, regarding the theft of over 130 million debit and credit card numbers, making it the biggest ID theft case prosecuted in the history of the crime. Gonzales, a former government informant, on the subject of credit card fraud nonetheless, used a vector attack to obtain numbers from large retailers, including 7-Eleven (through third party ATM’s), Hannaford Brother and Heartland Payment Systems, a popular payment processing company. Learn more about the Heartland Payment Systems data breach.
The process involved in these thefts was fairly complex. Gonzales and his “team†would visit various businesses to view their point of sale equipment. Once they were able to find vulnerability in a system, they would attempt to find a way to hack into it. Since retailers are less likely to frequently update their software than, for example, a large technology or medical company, they were able to find a virtual hacker’s paradise.
By using servers and systems located around the world, and assistants in Russia and Eastern Europe, as well as the U.S., Gonzales was able to hack into networks, install malware on the machines in some cases, and get credit information essentially delivered directly to him. This information included cards currently in use and those that had been stored on the system from previous use.
When Gonzales was indicted for his latest crimes, he was already under investigation for hacking the systems of several additional companies. These include such shopping mall staples as Barnes & Noble, the Sports Authority, Forever 21, OfficeMax and Boston Market. Another Gonzales target, T.J. Maxx, told the Securities Exchange Commission that it has lost $200 million due to a similar data breach. For more information on these see our article Identity Theft Ring Busted – Retail Hackers Charged.
If Gonzales is convicted of the charges against him, he faces not only over $1 million in fines, but up to 35 years in prison. This will hopefully keep him out of the picture for quite some time, but there will soon be others who will learn from his experience. There are always plenty of hackers out there that would love to make a quick buck, whether in an ethical way or not.
While it is tough to switch to a cash-only payment system, doing so might seem tempting with all of the information that seems to be floating about. However, you don’t have to if you have an identity theft protection service watching your back. They help to keep your card numbers safe, even if they do end up picked up by a criminal.
Additionally, read your credit card and debit card statements each month. If you notice anything unusual, get your card number changed, and notify your credit card company of the charges that you don’t recognize so you can go through the process to contest them. While companies targeted in the Gonzales case may be out a good deal of money, you do not have to join them in the same boat. These retail companies often have insurance policies to help them out. You can have similar protections for your own accounts for as little as a few nickels a day.