Header graphic for print
Privacy Compliance & Data Security Information on Data Breach Prevention and the Appropriate Response

Latest TJX Breach Lesson: Crime Does Not Pay

Posted in Data Theft

A co-conspirator in the TJX breach, Humza Zaman, saw the next 46 months of his life laid out before him in Boston yesterday, as he was sentenced in federal court for his role in the TJX breach. He was also fined $75,000.  He will also have  three years of supervised release, must disclose his conviction to future employers, but he will not be prevented from using computers.

Zaman’s role appears to be limited to money laundering activity while he was employed by Barclay’s Bank. Zaman, apparently feeling he was only doing favors for Albert Gonzalez (by all accounts, the mastermind behind the data theft), would meet and mule large amounts of cash that he received from “an unknown man of apparent Eastern European descent.”

The writer of the “sniffer” computer program that was used in the data theft, Stephen Watt, was sentenced last December to two years in prison.

Lex Luther Albert Gonzalez is awaiting sentencing and faces a minimum sentence of 17 years in prison.

Wired has a much more thorough reporting of the prosecution side of the TJX breach, which is worth a read by not only business folks, but people that may get drawn into similar schemes.

Updated: Special thanks to the German Privacy Foundation for noting that I had punishments for Mr. Zaman and Mr. Watt flipped in certain portions of the original posting.  It is nice to have such friendly and professional communications from our friends in Germany.