Four hackers indicted in RBS WorldPay breach

Article

Four hackers indicted in RBS WorldPay breach

SearchFinancialSecurity.com Staff

Four people who allegedly hacked into payment processor RBS WorldPay and helped steal more than $9 million from ATMs in a highly coordinated attack last year were indicted, authorities announced Tuesday.

Sergei Tsurikov, 25, of Tallinn, Estonia, Viktor Pleshchuk, 28, of St. Petersburg, Russia, Oleg Covelin, 28, of Chisinau, Moldova, and a person known only as "Hacker 3" were indicted by a federal grand jury in Atlanta, Ga., the U.S. Department of Justice said.

The 16-page indictment alleges the group used sophisticated hacking techniques to compromise the data encryption used by Atlanta-based RBS WorldPay to secure payroll debit cards, which some companies use to pay their employees.

The group then allegedly raised the account limits on compromised accounts and gave 44 counterfeit payroll debit cards to a network of "cashers," who used the cards to drain more than $9 million from more than 2,100 ATMs in 280 cities around the world in less than 12 hours, according to prosecutors.

Four others, all from Estonia, were indicted for access device fraud in the case.

"Last November, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organized computer fraud attack ever conducted. Today, almost exactly one year later, the leaders of this attack have been charged," Acting U.S. Attorney Sally Quillian Yates of

    Requires Free Membership to View

    Login

    SearchFinancialSecurity.com members gain immediate and unlimited access to in-depth technical advice, strategies, and expert guides for securing data in high-risk financial environments. Join me on SearchFinancialSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchFinancialSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchFinancialSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

the Northern District of Georgia said in a prepared statement. "This investigation has broken the back of one of the most sophisticated computer hacking rings in the world."

RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, reported last December that personal information of about 1.5 million pre-paid cardholders and other individuals was compromised when its computer system was hacked.

Prosecutors credited RBS WorldPay and cooperation with multiple law enforcement agencies worldwide in the investigation.


Back to top