Second of 11 alleged TJX hackers pleads guilty

A Miami man could face a sentence of up to 22 years behind bars and a fine of up to $1 million for his crimes related to the massive data breach.

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Sept. 23, 2008 9:40 a.m. PT

A second criminal hacker accused of involvement in the massive data breach targeted at T.J. Maxx's parent company, one of the largest security breaches to date, reportedly pleaded guilty on Monday.

As part of a plea bargaining arrangement Christopher Scott, 25, of Miami, has admitted to computer hacking, access device fraud, and identity theft, according to the Associated Press. He could face a sentence of up to 22 years in jail and a fine of up to $1 million for his crimes.

The plea comes almost two weeks after Damon Patrick Toey pleaded guilty to his role. The 11 defendants were formally charged last month. Three are from the U.S., one from Estonia, three from the Ukraine, two from the People's Republic of China, and one from Belarus. Another man involved used an alias and his whereabouts are unknown.

In March 2007, TJX, the parent company of T.J. Maxx and Marshall's, said 45.7 million accounts were compromised over nearly a two-year period. The company believed the hackers gained access to millions of credit card and debit card numbers through inadequately protected Wi-Fi networks, and then put the numbers up for sale.