TJX data theft conspirator pleads guilty

A Miami, Florida man was convicted in federal court of conspiring to electronically break into corporate computer networks, download customers’ credit and debit card information, and fraudulently use and sell that information. Christopher Scott, age 25, of Miami, Florida, pleaded guilty to conspiracy, unauthorized access to computer systems, access device fraud and identity theft.

Between approximately 2003 and 2007, Christopher Scott, Albert Gonzalez and others electronically broke into a number of large retailers’ computer networks. Scott’s expertise was hacking wireless networks. Scott, along with others, including Gonzalez, would “wardrive,” scanning the airwaves in shopping strips in Miami from their cars looking for potentially vulnerable wireless access points. When they found one, they would park in adjacent lots or sit in nearby loaned or rented rooms with laptop computers until they were able to compromise the perimeter of the retailer’s computer network.

Once inside, they would search the network for credit and debit card information, either in storage or travelling across the network in an unencrypted state. In this manner, Scott compromised computer networks being used for credit and/or debit card transaction processing by retailers Boston Market, Sports Authority, Marshalls and numerous others. Marshalls is operated by TJX companies, the Massachusetts-based victim identified in Counts Two through Four of the Information.

Scott provided the credit card and debit card information he harvested to Gonzalez to sell or for other fraudulent use. In the instance of TJX, this amounted to the credit card numbers and related information of tens of millions of individuals. Gonzalez and other conspirators fraudulently used the credit and debit card information to obtain cash advances and sold the information to others for fraudulent use by them. For his part in the numerous data thefts, Scott was paid approximately $400,000. He received payment in cash and loaded ATM cards.

The $400,000 Scott profited from his computer and access device fraud, purchases he made with these profits, and tools of his trade are the objects of the forfeiture count to which Scott agreed at the end of the Information.

He faces up to 22 years imprisonment, to be followed by 3 years of supervised release and a $ 1,000,000 fine.




Share this