*Over 130 mln credit, debit card numbers said to be stolen
*Miami man, two unnamed Russian co-conspirators charged
(Recasts, adds details throughout, background)
By Daniel Trotta
NEW YORK, Aug 17 Three men were indicted on
Monday for allegedly stealing more than 130 million credit and
debit card numbers in what U.S. authorities said they believe
is the largest hacking and identity theft case ever
Albert Gonzalez, a former government informant already in
jail in connection with hacking cases, and two unnamed Russians
were indicted on charges related to five corporate data
breaches from 2006 to 2008.
Card numbers were stolen in those breaches from credit-card
processor Heartland Payment Systems HPY.N and retail chains
7-Eleven Inc and Hannaford Brothers Co, prosecutors said.
The men targeted two other corporations, the U.S.
attorney's office in New Jersey said in the statement, without
naming those companies.
Heartland Payment Systems and Hannaford Brothers had
previously and separately acknowledged the breaches, but the
scope of the fraud had not been known.
Authorities also for the first time tied those cases to
Gonzalez, who was arrested last year on suspicion of hacking
into a restaurant chain's payment system.
Attorneys for Gonzalez were not available for comment.
Prosecutors said Gonzalez and the Russians, identified as
"Hacker 1" and "Hacker 2", targeted large corporations by
scanning the list of Fortune 500 companies and exploring
corporate websites before setting out to identify
A year ago, Gonzalez was indicted along with 10 others from
five countries on accusations of stealing 41 million credit and
debit card numbers from major retailers, including TJX Cos Inc
(TJX.N), owner of the TJ Maxx and Marshall's retail chains.
Prosecutors said that ring caused more than $400 million in
Prosecutors said Gonzalez and the other two men used
numerous techniques to penetrate the computer systems.
Gonzalez was being held in a Brooklyn jail. Prosecutors
would not comment on the whereabouts of the two Russians.
All three were charged with conspiracy to gain unauthorized
access to computers, to commit fraud in connection with
computers and to damage computers, and conspiracy to commit
wire fraud. Each faces up to 35 years in prison and large fines
Prosecutors said in the statement that the suspects would
seek to sell the data to others who would use it to make
They cited one example in which they said the suspects went
to retail locations to identify the type of checkout machines,
and after further investigation into the computer systems they
uploaded information onto servers that worked as hacking
"These servers, located in New Jersey and around the world,
were used by the co-conspirators to store information critical
to the hacking schemes and subsequently to launch the hacking
attacks," prosecutors said.
Heartland, based in Princeton, New Jersey, calls itself the
fifth largest payments processor in the United States.
Representatives from Heartland and 7-Eleven were not
available for comment. Hannaford Brothers referred questions to
(Reporting by Daniel Trotta; Editing by Toni Reinhold)