Apr 02 2010

Man sentenced for hacking restaurant card data

Category: Information Security,pci dssDISC @ 1:47 pm

Seal of the United States Federal Trade Commis...
Image via Wikipedia

By Alan J. Liddle

WASHINGTON (April 1, 2010) Albert Gonzalez, the mastermind of payment card data thefts from Boston Market and Dave & Buster’s and a participant in the hack of a credit transaction processor serving thousands of restaurants, has been sentenced to two 20-year prison terms, the U.S. Justice Department said.

In a separate development, the Federal Trade Commission said late last week that one of the companies targeted by Gonzalez’s ring — Dallas-based Dave & Buster’s Inc. — will be subject to closer scrutiny for 20 years. That is the length of time that conditions laid down by the federal agency must be met by Dave & Buster’s following its agreement to settle FTC charges that the casual-dining chain had “left consumers’ credit and debit card information vulnerable to hackers, resulting in several hundred thousand dollars in fraudulent charges.”

April Spearman, vice president of marketing for 55-unit Dave & Buster’s, said the company had no comment about Gonzalez’s sentencing or its settlement with the FTC. However she reiterated the company’s earlier statements that it had acted immediately after being alerted to the possibility of data theft at 11 of its restaurants in 2007 and had “worked closely with both the Secret Service and Department of Justice and assisted them in their investigations.”

Dave & Buster’s has said that after learning of the data network breach, it retained outside security experts and deployed additional measures to prevent similar thefts going forward.

In a March 26 filing with the U.S. Securities & Exchange Commission, Dave & Buster’s said, “The order does not require [Dave & Buster’s] to pay any fines or other monetary assessments and the registrant does not believe that the terms of the order will have a material adverse effect on its business, operations, or financial performance.”

Requests for comment about Gonzalez’s sentencing by Golden, Colo.-based Boston Market were unanswered as of press time.

Gonzalez, 28, was sentenced March 25 in U.S. District Court in Boston to 20 years in prison for two cases involving conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft, according to the Justice Department. Those charges stemmed from data network intrusions at numerous companies, including 520-unit Boston Market, Dave & Buster’s, the TJX Cos., OfficeMax and Barnes & Noble. Those virtual break-ins were carried out by what federal officials characterized as the “largest hacking and identity theft ring ever prosecuted by the U.S. government.”

To read more @ nrn.com

Tags: Albert Gonzalez, Dave & Buster, debit card, Federal Trade Commission, Identity Theft, U.S. Securities & Exchange Commission, United States, United States district court