Manager of prominent Fin7 hacking group sentenced to 10 years in prison

The cybercriminals stole credit card information from banks and retailers.

NurPhoto via Getty Images

A senior organizer in an infamous hacking group that caused billions of dollars in losses to US companies has been sentenced to 10 years in prison. Fedir Hladyr, a 35-year-old Ukranian national, worked as a manager and systems administrator for a cybercrime outfit known as Fin7, which orchestrated attacks on banks and retailers on a global scale using the Carbanak malware.

At its height, the group included more than 70 people split into teams that were tasked with hacking into systems, developing and installing the virus and sending out spoof emails accompanied with phone calls to dupe unwitting businesses. Hladyr allegedly worked as a systems administrator for the group, helping to supervise its various units and maintain its network of servers.

The elaborate setup allowed the digital thieves to make away with tens of millions of stolen credit and debit card numbers belonging to the customers of banks and retail chains including Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli. According to the Department of Justice, the group breached the computer networks of businesses in all 50 US states and the District of Columbia, while also launching attacks in the UK, Australia, and France.

Hladyr was arrested in 2018 in Germany and extradited to Seattle, Washington. In his plea deal, he said he joined Fin7 through a cyber security company that he soon realized was a fake enterprise built to serve the group's main purpose. Hladyr had pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

"This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers,” said Acting US Attorney Tessa M. Gorman of the Western District of Washington.