[BreachExchange] Four people charged for Zippy’s data breach

[Destry Winant]

https://www.khon2.com/news/local-news/four-people-charged-for-zippys-data-breach/

HONOLULU (KHON2) — The prosecutor’s office is formally charging four
people in connection with the Zippy’s data breach.

Prosecutors say hackers stole debit and credit card information from
Zippy’s customers between 2017 and 2018. They then uploaded the
profiles to the dark web and sold them. It’s a security data breach
affecting thousands of Zippy’s customers.

Chris Van Marter, Prosecutor’s Officer said, “Every single card
profile was compromised by the hackers.”

The Honolulu Prosecutors Office now formally charging four people
accused of using the stolen card profiles to make fraudulent
purchases. The four charged are Sean Kim, Shamika Ramirez, Joselyn
Llanesa and Lilia Fontanilla.

“The hackers then made those available on the internet to people who
were willing to purchase them. Sean Vincent Kim was one of the people
who used the internet to purchase the fraudulent accounts,” said Van
Marter.

The breach resulted in 595 fraudulent transactions on Oahu. Over 2,000
fraudulent purchases across the globe.

“The investigation established that fraudulent transactions occurred
in 17 countries and 28 states across the country,” said Van Marter.

Zippy’s released a statement saying, “Zippy’s would like to thank the
law enforcement agencies for bringing charges against the suspected
cybercriminals…the criminals charged in Honolulu yesterday are
suspected of buying stolen data on the Dark Web from Fin7 and their
associates.”

Zippy’s settled a class-action claim with the customers affected by
this massive data breach.