A federal judge on Friday sentenced Albert Gonzalez to 20 years in prison for his involvement in a series of massive data security breaches at Heartland Payment Systems Inc. and other companies.
On Thursday, he was sentenced to 20 years in prison for his role in the theft and sale of millions of credit and debit cards from TJX Companies Inc. and other retailers. He is to serve the two sentences concurrently, according to a court spokeswoman.
In December, Albert Gonzalez, 28, of Miami pleaded guilty in federal court in Boston to conspiring to hack into computer networks operated by payment processor Heartland Payment Systems, 7-Eleven Inc., Hannaford Brothers Co., and other retailers.
A federal grand jury indicted Gonzalez and two Russian hackers last August in the case involving Heartland; more than 130 million credit and debit card numbers from five companies were stolen in what officials called the largest credit and debit card data breach ever charged in the U.S.
According to the indictment, the trio researched the credit and debit card systems used by the companies and used SQL injection attacks to bypass network firewalls to steal the data. Prosecutors said the trio used a number of techniques to hide their activity, including testing their malware against antivirus products to evade detection.