A hacker who helped organise one of the largest thefts of card details in history has been sentenced to 20 years in jail.
Albert Gonzalez masterminded the breaches at retailer TJX, where 11.2 million payment card details were stolen.
TJX, owner of TJ Maxx in the UK, was ordered to pay nearly $10m to 41 US states for failing to prevent the data breach engineered by Gonzalez.
He was among 11 suspects charged with breaking into the wireless networks of several US retailers in 2003 to steal credit card details.
Gonzalez will be sentenced for his involvement in breaches at Heartland Payment Systems today.
The Heartland Payment Systems breach was the largest data breach worldwide in 2009, with 130 million payment card details stolen.
Amichai Shulman, chief technology officer at security firm Imperva, said the Gonzalez case shows that enterprises are fighting today's cyber war with yesterday's technology.
"The current data security spend is focused on enterprise networks, yet the Gonzalez attacks took advantage of weaknesses in the database and applications. And this is an industry-wide problem," he said.
According to Shulman, research has shown that in 2009, 74% of lost data came from database breaches, 19% from application breaches and 7% from network breaches.
"Yet more than 90% of 2009's $16bn in security spend was on network security. This disconnect needs to be remedied," he said.