28-Year-Old Pleads Guilty To Stealing Over 130 Million Credit And Debit Card Numbers

Albert Gonzelez pleaded guilty today to “conspiracy to engage in wire fraud for his role in stealing more than 130 million credit and debit card numbers from Heartland Payment Systems,” reports Boston.com.

“Hacker pleads guilty to stealing credit card numbers” [Boston.com]


Edit Your Comment

  1. spamtasticus says:

    Why do they keep calling it hacking? That is like saying a “Driver” robbed a bank because the guy drove a car to and from the bank. A misnomer started by the same media fools that started calling soldiers “Troops”.

    • midwestkel says:

      While I do agree with you most of the way because you hear the news or people say they had their Facebook or MySpace account hacked but in reality they probably went to a website that asked for their email and password. That is not a hack.

      But I would call this story hacking because someone had to break into a computer system somewhere they didn’t just have the user and password. They physically stole data from a secure network.

      • pecan 3.14159265 says:

        I agree with this assessment. It’s one thing if people mistakenly left their credit card data lying around but in this case, he actively sought to break security barriers to steal information.

      • larrymac thinks testing should have occurred says:

        I think spamtasticus was referring to the transformation of the word “hack” — compare the first and second definitions at Urban Dictionary. (Not always a good source, but they seem to have gotten this one right). See also Steven Levy’s book Hackers

    • pecan 3.14159265 says:

      I thought it was that you could call all military units or people “troops” but Marines prefer to be called Marines, Air Force prefer to be Airmen (or Airwomen, if that title exists), and Navy preferred to be referred to as Sailor or any of their ranks that you don’t get with the Marines, Air Force, or Army. I thought Army was the only one that was okay with “soldier.” At least that’s what I was told when some of my friends kept getting rankled about Marines being called “soldiers” – because while they technically are soldiers, being called Soldier inferred that you were in the Army.

    • spamtasticus says:

      I appreciate all the comments on this. I will clarify. My sarcastic tone aside, I was “griping” about the media’s miss-use of the term Hacker. It has been improperly demonized. A hacker is someone who takes a devise and takes it apart to have it do something other than what the original designer intended. This includes software. In fact the term Hacking comes from people who would get a model railroad set with say a figure 8 design and “Hack” up the rails to make a different design. The act of breaking a security scheme through exploitation of a weakness in code or, more commonly, users is called cracking. Not Hacking. The troops comment was about saying “the troops” when referring to a multitude of soldiers. This is wrong not because some branches like certain labels but because a troop is a specific group of soldiers. Just replace the word troop with squad or division and you will understand why troop is being used wrong. example: The squads in Irak are unhappy with the lack of choice in uniform patterns. Nitpicking to be sure, but if you are a soldier or in my case a hacker it is rather jarring to hear it used incorrectly and even worse in a defamatory manner.

      /steps of soapbox.

    • uber_mensch says:

      Its a lot like the word TEAM which referred to a group of horses and TEAMSTER being the title given to the men who drove them.

  2. hypnotik_jello says:

    I don’t know how you can be addicted on LSD or mushrooms, but ok.

    • thisistobehelpful says:

      Eh, most people that are alcoholics aren’t physically addicted to alcohol, they just like being drunk or need it to avoid things. I could see someone wanting to always trip if they thought it was just that awesome.

      • Saites says:

        I won’t disagree with your point that a drug not being physically addictive doesn’t really matter. But the thing is, tolerance to these drugs builds up strong and fast. Although the tolerance would go away relatively quickly (compared to other drugs that one would build up tolerances to), it would still be difficult to be a chronic abuser of them.

        • zlionsfan says:

          That wouldn’t matter much if it were a case of psychological dependence … if anything, it might make the addiction stronger. It’s harder to catch the dragon if it’s smaller and faster.

      • Datacloud says:

        Interesting perspective. Did you do any research before you came to that conclusion? The fact is that alcohol, in alcoholics, metabolizes into THIQ (tetrahydroisoquinaline [sp?]), which is a highly potent opiate. Alcoholism has been recognized as a disease and an addiction disorder by the AMA since 1952, which puts you pretty far back in terms of enlightenment. Anyhow, I find your statement to be incredibly ignorant and hurtful to the millions of people who suffer and die from this disease every day.

      • pecan 3.14159265 says:

        It’s a psychological problem that ends up being both a psychological and a physical problem (when your liver starts corroding, for instance). Most alcoholics lack healthy coping mechanisms for dealing with stressful situations, or emotional problems, and turn to alcohol. At first it seems like a good remedy to make them forget about their problems – but the problems are still there, and all they do is make it harder to solve them. When the alcohol goes away, the problems remain.

    • Datacloud says:

      I am also of the opinion that while not physically addictive, psychotropics can cause long term mental and emotional damage to those who might already be so impaired or not in a proper set and setting when the drug is administered.

      So I guess more to your point, no, I don’t think one can “jones” for LSD or mushrooms. They just don’t hit the right buttons from a physiological standpoint.

  3. tbax929 says:

    Fry him.

    • Bohemian says:

      Only if I get to personally work him over with a 2×4 first. Both times I had to get my card reissued it was this guys doing. The first time was a big financial mess getting everything changed over.

      • Saites says:

        Seriously? I agree that what he did was wrong, but you guys think he deserves to die for it?

        • Megalomania says:

          He decided his personal gain was worth creating problems for over 130,000,000 people. Not worth death perhaps, but if you consider him getting the maximum requested by the prosecutors that works out to 6 seconds of prison time per number. Think it took each of the people whose privacy he compromised 6 seconds to fix what he helped happen?

        • Bohemian says:

          Maybe not death. Throwing the book at him would be certainly called for. The first data breech probably caused me to waste about 10 hours of my time tracking down why my card was canceled and to find and fix all the businesses that had my old card number, explain the rejected payment etc. Now take about that amount times the number of people involved. Add all the time and money banks spent re-issuing cards. This guy caused a large problem.

        • theblackdog says:

          Maybe not, but I wouldn’t mind flogging him for a few hours because I had to spend hours dealing with getting a new card, putting security alerts on my credit reports, and straightening out some bill pay because my card number was stolen and used.

    • H3ion says:

      Fry him? Probably not, but put him away for so long, and without access to computers, that he’ll be eligible for Medicare when he gets out.

    • Red Cat Linux says:

      Fry him?


      The fraudulent charges rung up on the accounts he stole should become his personal debt. Yes, I know that fraud coverage on many cards would eliminate most of the victim’s personal cost, but somebody somewhere got screwed due to this joker’s greed.

      This guy’s income should be garnished until he pays it all back.

  4. Loias supports harsher punishments against corporations says:

    “Under a plea agreement, Gonzalez agreed not to seek a sentence of less than 17 years while prosecutors agreed to seek no more than 25 years. Gonzalez originally faced up to 35 years in prison.”

    That seems a rather convoluted method of negotiations. I suppose it’s pretty common, but seems odd to me.

    • Megalomania says:

      To save the cost of a trial the feds were willing to shave at least 10 years off his sentence, but they require him to ask for 17. The judge can just ignore all that anyway if hazy memories of how the legal system works are to be trusted.

      • sonneillon says:

        Sort of but to keep the integrity of the plea bargain. If judges were frequently ignoring the DA, there would be little intensive for people to make deals. Think of what would happen if this were the case with just speeding tickets. Assume that a speeding ticket goes for 120 dollars. When I worked for the city a police officer who was writing speeding tickets that day would write about 50 tickets in a shift. So that is a possible 6000 dollars per officer, but if every single person fought the ticket and there was a trial for each ticket it would cost a ludicrous amount of money.

        Even more expensive for more severe crimes. So for the purpose of costs the judges usually go along with sentencing recommendations.

  5. Chuck Norris' wig says:

    He went from United States Attorney General to a credit card thief in just 2 years?

    That’s just sad.

  6. harmony758 says:

    So accomplished and only 28! Makes me wonder what I did with my 20’s.

  7. Unstupid says:

    They should list all the credit cards numbers he stole so I can check to see if any of them are mine.

  8. PaRa02 says:

    At least they got the guy, Hang em’ High!

  9. madanthony says:

    “He is sorry. He has a desire to put this behind him. This is not a CEO. This is a young kid that did some pretty reckless things,

    Oh, well, as long as he’s sorry, and he’s not a CEO, that makes it OK.

    And since when is 28 a “young kid”? It’s 10 years past legal adulthood. I realized this happened a couple years ago, but early 20’s is still old enough to know that STEALING 130 MILLION CREDIT CARD NUMBERS is wrong.

    • mythago says:

      No kidding. I assume that maybe his lawyer was trying to point to his crappy behavior starting at age 16, but come the flap on, he’s 28 now.

    • pecan 3.14159265 says:

      Being reckless in youth doesn’t absolve you of the consequences. Stealing is wrong, regardless of magnitude. Albert Gonzelez obviously understood the concept of right and wrong, and chose to steal anyway.

  10. uber_mensch says:

    Back in the old days, data was stolen from insecure shopping cart software on porn sites using SQL injection. Not speaking from experience, I just knew it happened.