Three Indicted in Largest Corporate Identity Theft Case in History

Federal Authorities indicted three men in New Jersey in a massive identity theft case that the Justice Department is labeling as the largest in American history.

Albert Gonzalez of Miami, 28, is charged with acting with two unnamed conspirators to locate large corporations and steal vital account information in a crime that the Department of Justice calls "the single largest hacking and identity theft case ever prosecuted."

Authorities say more than 130 million credit and debit card numbers were stolen in a corporate data breach involving three different corporations and two individuals. The card numbers, along with additional account information, were allegedly stolen from Princeton-based Heartland Payment Systems; 7-Eleven Inc., a Texas-based convenience store chain and Hannaford Brothers Company, a Maine-based supermarket chain.

The indictment also mentions two other unidentified corporate victims as being hacked by the co-conspirators.

According to the Justice Department, the suspects used a sophisticated hacking technique called an "SQL injection attack," which "seeks to exploit computer networks by finding a way around the network's firewall to steal credit card and debit information."

According to the two-count indictment alleging conspiracy and conspiracy to engage in wire-fraud, beginning in October 2006, Gonzalez and the others would seek out Fortune 500 companies and attempt to identify potential vulnerabilities in their computer systems.

FULL COVERAGE: Click here for all of's identity theft coverage.

After reconnaissance of the computer systems was completed, information would be uploaded to servers which served as hacking platforms. Once the information was discovered, it was stolen from the corporate servers and placed onto servers around the world controlled by the suspects.

Upon the alleged theft of the data, Gonzalez, known online as "soupnazi," and his co-conspirators would seek to sell the data to others who would then use it to make fraudulent purchases, unauthorized withdrawals from banks and other identity theft schemes, the Justice Department said Monday.

RELATED: Russian Hackers Stole U.S. IDs for Attacks

If convicted, Gonzalez could face up to 20 years on a charge of wire-fraud conspiracy and an additional five on the conspiracy charge. He also faces fines of up to $250,000 for each charge.

He is currently in federal custody. The whereabouts of the two unidentified suspects, both from Russia, are unknown.

The latest charges are hardly Gonzalez's first brush with the law — in May 2008, the U.S. Attorney's Office of New York charged him for his alleged role in the hacking of a computer network run by a national restaurant chain. He is slated to stand trial on those charges in September of 2009.

In August of 2008, he was indicted on additional charges for a number of hacks into eight major retailers including discount giant TJ Maxx that involved an estimated 40 million credit cards and cost TJ Maxx $200 million. He is scheduled for trial on those charges in 2010, the Department of Justice said.

Heartland Systems announced a suspected breach on January 20, 2009, noting the discovery of "evidence of an intrusion," but denying the compromise of any merchant data, social security numbers, PIN numbers or addresses. It has an entire Web site devoted to the breach, accessible at At the time of the 2008 intrusion, Heartland was responsible for processing 100 million payments for at least 250,000 businesses each month, the Washington Post reported.'s Allison McGevna and FOX News' Mike Levine contributed to this report.