Four hackers indicted in RBS WorldPay breach


Four hackers indicted in RBS WorldPay breach Staff

Four people who allegedly hacked into payment processor RBS WorldPay and helped steal more than $9 million from ATMs in a highly coordinated attack last year were indicted, authorities announced

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor


Sergei Tsurikov, 25, of Tallinn, Estonia, Viktor Pleshchuk, 28, of St. Petersburg, Russia, Oleg Covelin, 28, of Chisinau, Moldova, and a person known only as "Hacker 3" were indicted by a federal grand jury in Atlanta, Ga., the U.S. Department of Justice said.

The 16-page indictment alleges the group used sophisticated hacking techniques to compromise the data encryption used by Atlanta-based RBS WorldPay to secure payroll debit cards, which some companies use to pay their employees.

The group then allegedly raised the account limits on compromised accounts and gave 44 counterfeit payroll debit cards to a network of "cashers," who used the cards to drain more than $9 million from more than 2,100 ATMs in 280 cities around the world in less than 12 hours, according to prosecutors.

Four others, all from Estonia, were indicted for access device fraud in the case.

"Last November, in just one day, an American credit card processor was hacked in perhaps the most sophisticated and organized computer fraud attack ever conducted. Today, almost exactly one year later, the leaders of this attack have been charged," Acting U.S. Attorney Sally Quillian Yates of the Northern District of Georgia said in a prepared statement. "This investigation has broken the back of one of the most sophisticated computer hacking rings in the world."

RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, reported last December that personal information of about 1.5 million pre-paid cardholders and other individuals was compromised when its computer system was hacked.

Prosecutors credited RBS WorldPay and cooperation with multiple law enforcement agencies worldwide in the investigation.