Second man pleads guilty in huge data breach case

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

TJ Maxx

25-year-old Christopher Scott of Miami, Florida, has pleaded guilty to a range of charges connected with what has been described as the single largest and most complex case of hacking and identity theft ever prosecuted.

According to the Associated Press, Scott has admitted his involvement in a heist that hacked into nine retail outlets and stole more than 40 million credit and debit card numbers.

Scott was one of 11 men charged in May with breaking into the wireless networks of major retailers including OfficeMax, Barnes & Noble, Boston Market, Sports Authority, Forever 21, DSW, BJ’s Wholesale Club and TJX, which operates retail stores T.J. Maxx (known as TK Maxx in the UK) and Marshall’s.

Sign up to our free newsletter.
Security news, advice, and tips.

According to reports, Scott was an expert in hacking into wireless networks and assisted the rest of the gang in stealing customers’ credit card information from the affected retail stories. He faces up to 22 years in jail and a million dollar fine for his crimes.

Prosecutors claim that the gang concealed the stolen data on encrypted servers in the United States and Eastern Europe, either selling credit card numbers to other criminals or creating fake cards to withdraw thousands of dollars from ATM machines.

Earlier this month, Damon Patrick Toey, one of the other men accused of the TJX data breach, also entered a guilty plea.

The gang’s alleged leader, Albert Gonzalez, who faces a possible sentence of life imprisonment if convicted of all the charges laid against him, has pleaded not guilty.

The investigation into this massive data theft has been huge, and the authorities should be applauded for successfully bringing it a step further to resolution. Other firms would be wise to learn from these major retailers’ misfortunes, and ensure that their data is properly secured, and not open to theft by organised hackers.

* Image source: Ztil301’s Flickr photostream (Creative Commons 2.0)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.