Albert Gonzalez, the hacker who led a multinational group of friends and associates through some of the biggest retail hacks of card data in history, received a sentence of 20 years and a day for his part in the multiple thefts.
Resulting from what the government claimed became a tour de force in computer thieving, prosecutors brought cases against Gonzalez, 28, and others in three different venues to reflect the number and diversity of the retail companies hit. In addition to Heartland Payment Systems, the biggest hit, other companies which lost data included 7-Eleven, Hannaford Brothers Supermarkets, TJX, DSW, Barnes and Noble, Office Max and the Dave & Buster's restaurant chain.
All told, prosecutors estimate Gonzalez and the other hackers wound up costing card issues, both banks and credit unions, hundreds of millions of dollars. Heartland alone estimated its losses from the breach at $130 million, and the company has agreed to settlement deals with some Visa and MasterCard issuers, along with American Express.
Gonzalez' perfidy was only enhanced by the fact he began hacking while still a confidential informant for the U.S. Secret Service investigating other hacking cases.
The complicated nature of the cases, the prosecutions and the plea bargains meant that the courts in New Jersey and New York forwarded their cases to the U.S. District Court for Massachusetts, which effectively handled the sentencing for all of them, albeit by two separate judges. U.S. District Court Judge Patti Saris sentenced Gonzalez to two terms of 20 years and day on March 25 and U.S. District Court Judge Douglas Woodlock sentenced him to 20 years and a day for other cases on March 26. The sentences are set to run concurrently but will still add up to significant time in prison, which was the court's point, according to Woodlock.
"You're going to lose the middle part of your life because of this," a reporter from the IDG News Service quoted Woodlock as saying from the bench. "You're in your middle 20s, you'll be in your middle 40s when you get out. This is real time. And it's meant to deliver a message to others."
Prosecutors charged in the various cases that Gonzalez once named his criminal scheme "Operation Get Rich or Die Tryin'" and that he and his associates had picked victims by choosing possible firms from a list of Fortune 500 companies and then testing them to find out which ones had the weakest computer and data defenses.
Gonzalez pled guilty to the charges. but his lawyers argued that his role as a leader in the group varied from heist to heist and that others, particularly based in Eastern Europe who have not been captured, played a leadership role in some of the thefts.
Media outlets reported that Gonzalez admitted his guilt before both judges, accepted full responsibility and asked for mercy. His parents and other family members attended both sentencing hearings.