FILE - In this April 23, 2018, file photo, the logo for Chipotle appears above a trading post on the floor of the New York Stock Exchange. Fedir Hladyr, a 34-year-old Ukrainian, a member of a sophisticated international hacking group that authorities say targeted businesses in 47 states to steal credit and debit card records pleaded guilty Wednesday, Sept. 11, 2019, to hacking and wire fraud charges in Seattle. The plea agreement says the hacking group called FIN7 that launched attacks against hundreds of U.S. companies to steal financial information between 2015 and 2019. It's accused of stealing information involving about 15 million credit and debit cards, with more than $100 million in losses Companies hit by the hacking included Chipotle, Arby's Red Robin and Jason's Deli, prosecutors said. (AP Photo/Richard Drew, File)

FILE - In this April 23, 2018, file photo, the logo for Chipotle appears above a trading post on the floor of the New York Stock Exchange. Fedir Hladyr, a 34-year-old Ukrainian, a member of a sophisticated international hacking group that authorities say targeted businesses in 47 states to steal credit and debit card records pleaded guilty Wednesday, Sept. 11, 2019, to hacking and wire fraud charges in Seattle. The plea agreement says the hacking group called FIN7 that launched attacks against hundreds of U.S. companies to steal financial information between 2015 and 2019. It's accused of stealing information involving about 15 million credit and debit cards, with more than $100 million in losses Companies hit by the hacking included Chipotle, Arby's Red Robin and Jason's Deli, prosecutors said. (AP Photo/Richard Drew, File)

SEATTLE (AP) — A member of a sophisticated international hacking group that authorities say targeted businesses in 47 states to steal credit and debit card records pleaded guilty to hacking and wire fraud charges in Seattle.

Fedir Hladyr, a 34-year-old Ukrainian, also agreed to pay $2.5 million in restitution as part of his plea Wednesday in U.S. District Court. He could face up to 25 years in prison.

Defense lawyer Arkady Bukh said Hladyr agreed to enter guilty pleas to the two counts because he could have faced a possible sentence of hundreds of years in prison if he was convicted of multiple other counts initially filed against him.

ADVERTISEMENT

The issue at sentencing will be the number of victims and the dollar amount of losses, Bukh said.

“His wife in Ukraine and his family supports him and they’ll wait for him to come back home,” the lawyer said.

The plea agreement says Hladyr was a member of a hacking group called FIN7 that launched attacks against hundreds of U.S. companies to steal financial information between 2015 and 2019. It’s accused of stealing information involving about 15 million credit and debit cards, with more than $100 million in losses

Companies hit by the hacking included Chipotle, Arby’s Red Robin and Jason’s Deli, prosecutors said.

Under the plea agreement, the U.S. attorney’s office will dismiss 24 counts in the indictment, but the previous charges can be considered by the judge at sentencing.

Greg Otto, a cybersecurity expert, said the plea agreement “hints at a cooperation deal to give more information about the FIN7 group.”

“This group has been pretty brazen in the face of these arrests, so the U.S. government is going to continue to go after them through any means necessary,” Otto said.

Hladyr was arrested in Germany last year. He was FIN7′s systems administrator and maintained the group’s servers, prosecutors said.

Two other members of the group were charged in the hacking conspiracy. Dmytro Fedorov was being held in Poland and Andrii Kolpakov was arrested on May 31, according to court records. His trial is set next year.

The group used phishing emails containing malware that compromised computers, prosecutors said. The emails were sent to people working at hotels and restaurants. The hackers would follow up with phone calls to get them to open attachments sent in the emails, FBI Special Agent Jay Tabb has said.

Once the hackers were inside the computer system, they would access sensitive financial information.

FIN7 then offered the information for sale and it was used to conduct fraudulent transactions, authorities say.

__

Follow Martha Bellisle at https://twitter.com/marthabellisle