A Ukrainian citizen has been ordered to spend seven years in federal prison for his role in hacking into financial transactions at Burgerville and other U.S. businesses.
Andrii Kolpakov, 33, was a member of a criminal hacking group known as FIN7, according to a news release from the Office of the U.S. District Attorney for Western Washington.
Kolpakov, who has used a number of aliases, was also fined $2.5 million. At last week’s sentencing hearing, Chief U.S. District Judge Ricardo S. Martinez said, “To indiscriminately prey on millions of people … the consequences must be serious.”
He was arrested in Lepe, Spain, on June 28, 2018, at the request of U.S. law enforcement and was extradited to the United States on June 1, 2019. In June 2020, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.
“This defendant breached the security of numerous U.S. businesses and managed a team of hackers hunting payment card information,” Acting U.S. Attorney Tessa M. Gorman said. “He was not the leader — but he was an instrumental cog in the wheel — training recruits, developing new hacking techniques and adding to FIN7’s malware arsenal. He left millions of victims in his wake and, together with his fellow hackers, caused tremendous harm to U.S. interests, estimated to be in the billions of dollars.”
Since 2015, FIN7 has hacked the computer systems of hundreds of U.S. companies, primarily in the restaurant, gambling and hospitality industries. The gang stole millions of customer credit and debit card numbers from people who had dined at Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and other chains.
Among the victims were an unknown number of Burgerville customers who paid with bank cards between September 2017 and September 2018. After the breach was discovered, Burgerville offered credit recovery services to victims and credit monitoring to potential victims.