(CN) – Two Russian hackers who were key players in one of the largest, most brazen data breaches involving the theft of 160 million credit card numbers were sentenced Wednesday to a combined 16 years in prison.
Vladimir Drinkman, a Russian citizen, pleaded guilty in 2015 to committing the biggest data breach ever prosecuted by the U.S. government: hacking 17 corporate networks – including at Nasdaq, 7-Eleven, JetBlue, and others – and stealing more than 160 million credit card numbers.
Three of the corporations targeted reported losses of more than $300 million combined. The biggest hit was credit-card processing company Heartland Payment Systems, which reported losses of $200 million.
From 2005 to 2012, Drinkman and four others hacked the corporate networks used for financial transactions, with Drinkman specializing in penetrating network security and then mining the networks for personal information.
Authorities say the hackers exploited vulnerabilities in special programming language at corporate networks, infiltrated the networks, and then inserted malicious code into the systems, allowing “back door” access for the data thieves.
Dmitriy Smilianets, a Russian co-conspirator, then sold the stolen credit card numbers. American credit cards went for $10 and Canadian cards for $15, while European credit cards fetched $50, sources said.
In 2012, Drinkman was arrested along with Smilianets while the two were on vacation in the Netherlands. They were eventually extradited to the U.S.
Drinkman faced more than 30 years in prison for his crimes, but U.S. District Judge Jerome B. Simandle sentenced him to 12 years on Wednesday, plus three years of supervised release.
Smilianets was sentenced to four years in prison, plus five years of supervised release.
Their co-conspirators Alexandr Kalinin, Roman Kotov and Mikhail Rytikov remain at large.