One of 11 alleged T.J. Maxx hackers pleads guilty

Defendant reportedly pleads guilty in Boston federal court in a wireless data breach that exposed at least 45.7 million accounts to criminals.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh

One of the hackers accused of involvement in the massive data breach targeted at T.J. Maxx's parent company, arguably the largest security breach worldwide, reportedly pleaded guilty on Thursday.

Damon Patrick Toey pleaded guilty to wire fraud, credit card fraud, and aggravated identity theft, and will be released subject to electronic monitoring, according to a report on the Wall Street Journal's Web site. Eleven defendants total are facing charges in federal court in Boston.

TJX Companies, the parent company of T.J. Maxx and Marshall's, said in March 2007 that 45.7 million accounts were compromised over nearly a two-year period. The company said--and federal investigators subsequently confirmed--that it believed the hackers gained access to millions of credit card and debit card numbers through inadequately protected Wi-Fi networks, and then put the numbers up for sale.

The 11 defendants were formally charged last month, including three from the U.S., one from Estonia, three from the Ukraine, two from the People's Republic of China, and one from Belarus. One used an alias and his whereabouts are unknown.