The US Department of Justice has indicted Albert Gonzalez for his part in a massive ID theft hacking operation. Maybe you know him by his other names: segvec, j4guar17, or soupnazi, but you probably don’t. However, chances are that you’ve used at least one of the corporations that Gonzalez hacked, America’s favorite purveyor of Slurpees and beef jerky: 7-Eleven. Using what the DOJ is calling “a sophisticated hacking technique called an ‘SQL injection attack,'” Gonzalez managed to get around the network firewalls and grab over 130 million credit and debit cards from Heartland Payment Systems, supermarket chain Hannaford Brothers, and the aforementioned convenience store chain.
According to the DOJ:
“Gonzalez and his co-conspirators researched the credit and debit card systems used by their victims; devised a sophisticated attack to penetrate their networks and steal credit and debit card data; and then sent that data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine.”
As consumers, we expect that credit card transactions should be pretty secure. We trust that all our payment data is being locked away in a secure safe-house, never to be seen by criminal eyes. We expect that these corporations use the best security systems available. And maybe they do. Unfortunately, with hackers, it’s an arm’s race. Where there’s a gap, they will exploit.
While corporate network security is beyond the control of everyday consumers, individuals can protect themselves with Identity theft protection and credit report monitoring. That way, even if your data does get hacked, there’s a better chance you can control the damage.