The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

FIN7 Hacker Pleads Guilty

by Chris Brook on Thursday November 19, 2020

Contact Us
Free Demo
Chat

Another hacker associated with FIN7 – a group responsible for hacking more than 100 US companies and stealing 15 million credit card details – plead guilty this week.

More than a year and a half after he was extradited to the United States from Spain, another of the alleged masterminds behind the FIN7 hacking group finally plead guilty this week.

Andrii Kolpakov, one of the three hackers behind FIN7, known in some circles as the Carbanak Group, entered into a plea agreement on Monday, according to court documents filed in the United States District Court for the Western District of Washington at Seattle.

In the agreement Kolpakov plead guilty to conspiracy to commit wire fraud and conspiracy to commit computer hacking.

Kolpakov was one of three Ukrainian nationals named in an indictment by the Department of Justice as members of FIN7 in 2018.  The cases against the other two members, Dmytro Fedorov, Fedir Hladyr, are still ongoing. Hladyr, who was arrested in Dresden, Germany, plead guilty to wire fraud and conspiracy to commit computer hacking last fall but his sentencing isn’t scheduled until Dec. 11.

The FBI attributed the group in the 2018 indictment to a malware campaign that hit more than 100 US companies, stealing 15 million credit card details from 6,500 point of sale terminals at more than 3,600 locations. The group mostly hit the restaurant, gaming, and hospitality industry. Some of the higher profile victims included Chipotle, Jason's Deli, Red Robin, Sonic Drive-In, Saks Fifth Avenue, and Whole Foods.

Kolpakov, whom the group referred to as a pentester helped breach a number of U.S. businesses, mostly through spearphishing emails; he also helped manage other members of the group.

Per reports, Kolpakov worked under FIN7 from 2016 until he was arrested by law enforcement in Spain in 2018 with a laptop and hard drives replete with stolen payment card information and employee credentials. According to the plea agreement, during Kolpakov's time with FIN7, the group's activity "resulted in over $100 million in losses to financial institutions, merchant processers, insurance companies, retail companies, and individual cardholders."

Kolpakov faces up to a 25-year federal prison term and a $500,000 fine whenever he's sentenced.

Tags: hacking

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.