Second man pleads guilty in huge data breach case

TJ Maxx

25-year-old Christopher Scott of Miami, Florida, has pleaded guilty to a range of charges connected with what has been described as the single largest and most complex case of hacking and identity theft ever prosecuted.

According to the Associated Press, Scott has admitted his involvement in a heist that hacked into nine retail outlets and stole more than 40 million credit and debit card numbers.

Scott was one of 11 men charged in May with breaking into the wireless networks of major retailers including OfficeMax, Barnes & Noble, Boston Market, Sports Authority, Forever 21, DSW, BJ’s Wholesale Club and TJX, which operates retail stores T.J. Maxx (known as TK Maxx in the UK) and Marshall’s.

According to reports, Scott was an expert in hacking into wireless networks and assisted the rest of the gang in stealing customers’ credit card information from the affected retail stories. He faces up to 22 years in jail and a million dollar fine for his crimes.

Prosecutors claim that the gang concealed the stolen data on encrypted servers in the United States and Eastern Europe, either selling credit card numbers to other criminals or creating fake cards to withdraw thousands of dollars from ATM machines.

Earlier this month, Damon Patrick Toey, one of the other men accused of the TJX data breach, also entered a guilty plea.

The gang’s alleged leader, Albert Gonzalez, who faces a possible sentence of life imprisonment if convicted of all the charges laid against him, has pleaded not guilty.

The investigation into this massive data theft has been huge, and the authorities should be applauded for successfully bringing it a step further to resolution. Other firms would be wise to learn from these major retailers’ misfortunes, and ensure that their data is properly secured, and not open to theft by organised hackers.

* Image source: Ztil301’s Flickr photostream (Creative Commons 2.0)