TJX hacker pleads guilty

Damon Patrick Toey last week became the first person to plead guilty to helping to steal more than 40 million identities and account details in the world's biggest criminal computer hack.

US attorneys charged Toey and 10 others on 5 August with conspiracy, computer intrusion, fraud and identity theft.

They face charges of hacking into nine large US retailers, including TJX and its UK subsidiary, TKMaxx, to steal and resell more than 40 million credit and debit card numbers. It is the largest hacking and identity theft case prosecuted so far by the Department of Justice.

Three defendants were US citizens, one was from Estonia, three from Ukraine, two from the People's Republic of China and one from Belarus. One was known only by an online alias.

The alleged leader, Albert "Segvec" Gonzalez, is believed to be a former Secret Service informer. Gonzalez has pleaded not guilty to charges related to the TJX hack.

The defendants are accused of "wardriving" or hacking into retailers' wireless networks to copy sales transaction details. The alleged offences took place between 2003 and 2008.

Toey was charged with unlawful access to computers, access device fraud, wire fraud, aggravated identity theft, and money laundering.

Lawyers said Toey worked with Gonzalez to attack computer networks, often using SQL injection attacks to find flaws in retailers' networks. He used these flaws to gain access to track 2 data (from the magnetic stripe on the back of payment cards), accounts and files before copying them and selling them to criminal third parties inside and outside the US.

If convicted, Toey faces the confiscation of three Sony Vaio laptops, an Xbox and an iPod Nano, as well as data storage units and $9,500 in cash.

The theft, which went undetected for nearly five years, allowed the thieves to withdraw "tens of thousands of dollars" at a time from foreign ATM machines. It cost TJX and other retailers millions in compensation and administration costs.
