Three alleged members of an international hacking group have been arrested for cybercrimes targeting over 100 retailers, including chains like Chili’s, Chipotle and Arby’s, the US government announced Wednesday.
The three men are Ukranian nationals and high-ranking members of a European hacker group known as FIN7, according to the Justice Department. The group is accused of stealing more than 15 million customer card records in the US alone and selling them on the dark web.
The government said the group “stole millions of customer credit and debit card numbers, which the group used or sold for profit.”
Fin7 used a company called Combi Security “to provide a guise of legitimacy and to recruit hackers to join the criminal enterprise,” the DOJ said in a release. Combi’s website stated it provided services such as penetration testing, allowing companies to test weak spots in their security systems.
“Since at least 2015, FIN7 members engaged in a highly sophisticated malware campaign targeting more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries,” the press release states.
The government said the group breached the computer networks of companies in 47 states and the District of Columbia, as well as in the UK, Australia and France.
One man was arrested in Germany and is currently awaiting trial in the US. The other two were arrested in Poland and Spain and are awaiting extradition to the US, the government said at a news conference in Seattle.
Each of the three Ukranians is charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft, the DOJ said.