Business information

Hackers stole debit and credit card info from businesses: Feds

A 32-year-old man was sentenced to five years in prison on conspiracy to commit wire fraud and conspiracy to commit computer hacking charges on April 7, 2022 in Washington.

A 32-year-old man was sentenced to five years in prison on conspiracy to commit wire fraud and conspiracy to commit computer hacking charges on April 7, 2022 in Washington.

PA

A hacking group targeted businesses in all 50 states and stole more than 20 million debit and credit card statements from customers, federal officials said.

Denys Iarmak, 32, from Ukraine, is the group’s third regime member face jailthe United States Attorney’s Office for the Western District of Washington said in an April 7 news release.

Iarmak was sentenced to five years in prison after pleading guilty to conspiracy to commit wire fraud and conspiracy to commit computer hacking, the press release said. He was arrested in 2019 in Thailand.

His sentence was the lowest of his co-defendants, according to Yelena Sharova, one of Iarmak’s lawyers.

“Mr. Iarmak faces life imprisonment based on the allegations. Over the past 26 months, through a thorough investigation, we have been able to (minimize) Mr. Iarmak’s actual involvement in the alleged criminal activity,” Sharova told McClatchy News.

He is accused of being a “high profile hacker” for a hacking group called FIN7, the press release said.

FIN7 members hacked into businesses in all 50 states and the District of Columbia by stealing millions of credit and debit card statements, the statement said. The hack cost victims more than $1 billion, officials said.

The group targeted hospitality industries, including restaurants and casinos. Chipotle Mexican Grill, Chili’s Grill & Bar, Arby’s, Red Robin and Jason’s Deli were among the businesses hacked by the hacking group, prosecutors said.

To obtain the business card records, the hackers used phishing tactics to deliver malware to a company’s computer to gain access and control over its system, according to the indictment.

For example, a hacker would send an email to an employee of a targeted company asking them to click on an attachment that would spread malware onto their systems, according to court documents.

If they targeted a restaurant, they could send an email asking to place a restaurant order or a service complaint, prosecutors said in court documents.

The targeted businesses listed in the indictment are in western Washington and include Sonic Drive-In, Red Robin, Chipotle Mexican Grill, Jason’s Deli, BECU and Taco John’s. The group also targeted the Emerald Queen Hotel and Casino near Tacoma.

“Protecting businesses – large and small – online is a top priority for the Department of Justice. We are committed to working with our international partners to hold these cybercriminals accountable no matter where they live or how anonymous they think they are,” the Criminal Division Assistant Attorney General said. Kenneth A. Polite Jr. said in the press release.

Fedir Hladyr, alleged member of FIN7, was sentenced to 10 years in prison on April 16, 2021.

Andrii Kolpakov, also an alleged member of a hacking group, was sentenced to seven years in prison on June 24, 2021.

This story was originally published April 7, 2022 7:08 p.m.

Helena Wegner is a McClatchy Live National Reporter covering Washington State and the Western Region. She holds a journalism degree from the Walter Cronkite School of Journalism and Mass Communication at Arizona State University. She is based in Phoenix.