You won't want to miss out on the world-class speakers at TNW Conference this year 🎟 Book your 2 for 1 tickets now! This offer ends on April 22 →

This article was published on August 23, 2019

Hacker who sold Uber’s and Sainsbury’s customer data forced to give up $1M in cryptocurrency

Hacker who sold Uber’s and Sainsbury’s customer data forced to give up $1M in cryptocurrency

A hacker has been ordered to pay back over $1.1 million (£900,000) in cryptocurrency after carrying out attacks on several well-known businesses including Uber, Sainsbury’s, and Groupon.

Grant West, a 27-year-old, who lived in a caravan park in Kent, England, has been told to pay back £922,978.14 after police forfeited his stolen funds following a two-year investigation called ‘Operation Draba.’

West operated on the dark web under the ‘Courvoisier’ alias and mostly used phishing emails to gain access to financial data of tens of thousands of customers before flogging them on several illicit marketplaces.

Argos, Nectar, Labdrokes, Coral Betting, and supermarket chain Asda, were among the companies affected. He also hacked into the British Cardiovascular Society.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

West began trading on the dark web in March 2015 and was able to complete over 47,000 transactions using a fake online shop. He also sold cannabis and guides to help others carry out similar attacks.

For approximately five months, between July and December 2015, West carried out a phishing scam by masquerading as popular online takeaway firm Just Eat in a bid to get the personal details of 165,000 customers.

Luckily, Grant, who was jailed in May last year, was unable to gain access to financial information but Just Eat was left to foot a £200,000 bill.

To carry out his cyber attacks, West used his girlfriend’s laptop, where he stored the data of more than 100,000 people.

During their searches, police found an SD card at his address containing 78 million usernames and passwords and 63,000 credit and debit card details. He used some of these to pay treat himself to holidays and such.

Alongside the cryptocurrency, police confiscated $30,612.75 (£25,000) in cash and half a kilogram of cannabis.

His prison sentence was handed down after he pleaded guilty to 10 charges, including two counts of conspiracy to defraud and two counts of possession of criminal property.

The forfeited cryptocurrency will be sold and victims are set to receive compensation.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with