Trio charged with stealing identities for as many as 130 million credit cards

A federal grand jury charged a trio of hackers with stealing data related to more than 130 million credit and debit cards. It’s another reminder that computer security is broken and it still hasn’t been fixed.

The three people were linked to the hacking of credit card payment processing firm Heartland Payment Systems last year. The same people were also allegedly behind a bunch of high-profile data thefts at places such as Hannaford Brothers and 7-Eleven.

One of the three is Albert Gonzalez, a 28-year-old Miami man who was indicted last year for his alleged theft of identities from TJX, which included credit card numbers at TJ Maxx and other big retailers. He is in custody. Two other unnamed hackers in the indictment are Russian.

The charges include conspiracy to gain unauthorized access to computers, to commit fraud in connection with computers, and to damage computers, and conspiracy to commit wire fraud. The defendants each face up to 35 years in prison and millions in fines.

Heartland, based in Princeton, N.J., was processing 100 million payments for 250,000 businesses each month when the company was hacked last summer. It hasn’t disclosed how many accounts were breached, but as many as 650 financial institutions have been affected, according to BankInfoSecurity.com. The company said in a filing that the data breach cost it $32 million.

This case has been widely publicized, but it really shouldn’t surprise us at all, given the sorry state of the security ecosystem. Have we learned anything from it? I would hazard a guess that the same thing could be done today.