BOSTON — A computer hacker from Miami who orchestrated one of the largest thefts of credit and debit card numbers in U.S. history was sentenced Thursday to 20 years in prison after he apologized for leading a scheme that cost companies, banks and insurers nearly $200 million.

Albert Gonzalez, 28, a one-time federal informant, pleaded guilty last year to breaking into the computer networks of major retailers including TJX Cos., BJ’s Wholesale Club, Barnes & Noble and OfficeMax.

U.S. District Judge Patti Saris sentenced Gonzalez to the middle of the 15- to 25-year range spelled out in a plea agreement that Gonzalez reached with prosecutors.

Gonzalez is scheduled to be sentenced today by a different judge in Boston in a case involving the theft of card numbers from the Scarborough, Maine-based Hannaford Bros. supermarket chain, 7-Eleven and Heartland.

From Dec. 7, 2007, to March 10, 2008, Gonzalez and other hackers stole credit and debit card numbers from people who shopped at Hannaford supermarkets. The company operates more than 200 stores under various names in New England, New York and Florida.

An estimated 4.2 million card numbers were exposed, and by the time Hannaford publicly announced the breach on March 17, 2008, about 1,800 fraudulent charges had been made.

Before he was sentenced Thursday, Gonzalez apologized as his mother, father and sister watched from the front row of the courtroom. His father wept softly.

Gonzalez said he did it not out of greed, but “because of my inability to stop my pursuit” and “my (Internet) addiction.”

“I blame nobody but myself,” he said.

He said he didn’t give much thought to people whose credit and debit card numbers were stolen.

“I always thought that they were being made whole by their financial institutions,” he said.

Authorities said Gonzalez amassed $2.8 million, which he used to buy a Miami condo, a car, Rolex watches and a Tiffany ring for his girlfriend.

They said Gonzalez and two foreign co-defendants would drive past retailers with a laptop computer and tap into those with vulnerable wireless Internet signals.

They would install “sniffer programs” that picked off credit and debit card numbers as the numbers moved through retailers’ computers, before trying to sell the numbers overseas, authorities said.

Gonzalez, who was known online as “soupnazi,” was a self-taught computer genius.

He was first accused of hacking in 2003, but was not charged because he became an informant, helping the Secret Service find other hackers. But authorities said that over the next five years, he hacked into the computer systems of Fortune 500 companies even while providing assistance to the government.

Assistant U.S. Attorney Stephen Heymann said Gonzalez led a group of professional hackers and identity thieves in three states, Ukraine and Russia.

He said the group made money by selling numbers on the black market and by going to ATMs and taking “bundles of money” out of accounts.

Authorities found more than 40 million distinct card numbers on two of Gonzalez’s computer servers.

Prosecutors asked for a 25-year sentence, while Gonzalez’s attorney, Martin Weinberg, asked for 15 years.

Weinberg said Gonzalez has “gained an understanding of the harm he’s done” during the 22 months he’s spent in jail since his arrest in May 2008, and has “genuine and deep remorse.”

Weinberg also cited a report from a defense psychiatrist who said Gonzalez showed behavior consistent with Asperger’s syndrome, a form of autism, and Internet addiction.

He said that, for Gonzalez, a computer “is like a drug.”


Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.