Two more retailers have been added to the list of victims of Albert Gonzalez and his group of computer hacking thieves.
Gonzalez helped lead a group of hackers who cost credit unions and other card issuers hundreds of millions of dollars.
Court documents unsealed after Gonzalez was sentenced to three concurrent sentences of 20 years plus one day revealed that major retailers JC Penney and Wet Seal were among the retailers whose computer systems Gonzalez successfully hacked.
The news of the successful hack and apparent computer security weakness were never made public because at least one of the retailers, JC Penney, had argued that the there were no card accounts compromised in the attack. Prosecutors initially agreed, identifying the retailers only as Company A and Company B in indictments.
But in arguments before the court that arose during the process of sentencing Gonzalez, the government argued that the court should allow the retailers names to be released.
"Most people want to know when their credit card or debit card numbers may have been put at risk, not simply if, and after, they have clearly been stolen," the government argued in some of its filings. "The presumption of disclosure has an additional significant benefit, though, besides the right of the card holder to know when he has been exposed to risk.Knowing that card holders will be concerned whenever their credit or debit card information is put at risk, if they know it, provides an incentive for companies to invest in the protections their customers would want. Transparency makes the market work in this area."