DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

High-Level Member of FIN7 Sentenced to Prison for Scheme that Compromised Tens of Millions of Debit and Credit Cards

Posted on June 24, 2021 by Dissent

There’s an update to the case involving a member of FIN7. Three members of the group had been taken into custody in 2018 and their alleged ringleader pleaded guilty in 2020 

A Ukrainian national was sentenced today in the Western District of Washington to seven years in prison for his role in the criminal work of the hacking group FIN7. The defendant was also ordered by the court to pay restitution in the amount of $2,500,000.

According to documents filed in the case, statements made at the sentencing, and public documents, Andrii Kolpakov, 33, who has used a number of different names, served as a high-level hacker, whom the group referred to as a “pen tester,” for FIN7. He was arrested in Lepe, Spain, on June 28, 2018, at the request of U.S. law enforcement and was extradited to the United States on June 1, 2019. In June 2020, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

According to public documents, since at least 2015, members of FIN7 (also referred to as Carbanak Group and the Navigator Group, among other names) engaged in a highly sophisticated malware campaign to attack hundreds of U.S. companies, predominantly in the restaurant, gambling and hospitality industries. FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were then used or sold for profit. FIN7, through its dozens of members, launched waves of malicious cyberattacks on numerous businesses operating in the United States and abroad. FIN7 carefully crafted email messages that would appear legitimate to a business’s employees and accompanied emails with telephone calls intended to further legitimize the emails. Once an attached file was opened and activated, FIN7 would use an adapted version of the Carbanak malware, in addition to an arsenal of other tools, to access and steal payment card data for the business’s customers. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces.

In the United States alone, FIN7 successfully breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations. According to court documents, victims incurred enormous costs that, according to some estimates, exceeded $1 billion. Additional intrusions occurred abroad, including in the United Kingdom, Australia and France. Companies that have publicly disclosed hacks attributable to FIN7 include Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli.

Kolpakov was involved with FIN7 from at least April 2016 until his arrest in June 2018. He also managed other hackers tasked with breaching the security of victims’ computer systems. During the course of the scheme, Kolpakov received compensation for his participation in FIN7, which far exceeded comparable legitimate employment in Ukraine. Moreover, FIN7 members, including Kolpakov, were aware of reported arrests of other FIN7 members, but nevertheless continued to attack U.S. businesses.

Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division; Acting U.S. Attorney Tessa M. Gorman for the Western District of Washington; and Special Agent in Charge Donald M. Voiret of the FBI’s Seattle Field Office made the announcement.

This case is the result of an investigation conducted by the Seattle Cyber Task Force of the FBI and the U.S. Department of Justice. The Justice Department’s Office of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security firms and financial institutions, FBI offices across the nation and globe, as well as a number of international agencies provided significant assistance. Spanish law enforcement authorities provided significant assistance by arresting Kolpakov.

This case was prosecuted by Trial Attorney Anthony Teelucksingh of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Francis Franze-Nakamura and Steven Masada of the Western District of Washington.

Source: U.S. Department of Justice

Related posts:

  • Three members of notorious “FIN7” criminal ring in custody for attacking more than 100 companies
  • High-level organizer of notorious hacking group FIN7 sentenced to ten years in prison for scheme that compromised tens of millions of debit and credit cards
  • Justice Department Announces Five Cases as Part of Recently Launched Disruptive Technology Strike Force
  • South Korean National and Hundreds of Others Charged Worldwide in the Takedown of the Largest Darknet Child Pornography Website, Which was Funded by Bitcoin
Category: HackOf Note

Post navigation

← Arrested Clop gang members laundered over $500M in ransomware payments
MN: Former Mayo Clinic surgeon charged with invading patient privacy by accessing records improperly →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.