Member of Hacking Ring Sentenced for ATM Theft Spree
A still shot of the hidden camera's video feed, clearly showing a customer typing in his card PIN.
CREDIT: New York County District Attorney's Office
A woman who helped steal millions of dollars from ATMs in a sophisticated and complex hacking scheme has been sentenced to 2½ years in prison and ordered to repay about $89,000.
Sonya Martin, 45, was part of a team that hacked into the WorldPay US (formerly RBS Worldpay) network in December 2008 and stole the account details of roughly 1.5 million customers, accessed two decades' worth of payment-processing information and fraudulently used reloadable employee payroll cards.
The group, headed by Albert Gonzalez, an infamous computer criminal now serving a 20-year prison sentence, then used the stolen information to clone debit cards, leading to the unauthorized withdrawal of $9 million from ATMs in just half a day.
Martin, who lives in Nigeria, was caught and arrested as she attempted to fly from New York City to London in March 2011.
According to Eduard Kovacs of Softpedia, the group also inflated the balances and withdrawal limits on over 40 accounts.
Collectively, the group stole over $9 million from 2,100 ATMs in nearly 300 cities. The Atlanta Journal-Constitution said Martin worked with "cashers," the individuals responsible for physically taking the money out of ATMs, in Chicago.
The incident led Visa to revoke WorldPay's Payment Card Industry Data Security Standard compliance approval in February 2009, forcing the U.S. arm of the Royal Bank of Scotland to suspend transactions with payment processors.
Heartland Payment Systems, which worked with WorldPay, also lost its PCI-DSS compliance certification after it admitted that the hackers had installed malware on their systems months before the actual data breach.
Both companies regained their compliance approval three months later after making network-security improvements and encrypting the highly-sensitive information stored in their systems.
Gonzalez was arrested in New Jersey in 2009 in connection with the Heartland and WorldPay case. He was sentenced in March 2010 to 20 years in federal prison. He also has been convicted of hacking schemes against the retail chains Dave & Buster's and TJ Maxx.