2 min Security

Dutch hacker gets four-year prison term for extorting companies, money laundering

Dutch hacker gets four-year prison term for extorting companies, money laundering

Dutch hacker Pepijn Van der Stap has recently been sentenced to four years in prison. He was found guilty of extortion of multiple companies, selling stolen data and laundering his monetary gains through cryptocurrency.

Van der Stap and a number of fellow criminals attacked a large number of Dutch and foreign companies in the period between August 2020 and January 2023.

In these attacks, they misappropriated sensitive data such as personal data of tens of millions of people, including those of Dutch citizens, but also from other Europeans. Companies that were attacked, were then extorted to pay.

If they did not comply, their information would be offered for sale on hacker forums. Many affected companies opted to pay the ransom, often amounting to more than 100,000 euros. One outlier even ended up costing the victimized organization 700,000 euros. The main suspect was able to derive an income of about 2.5 million euros from this, which was laundered via cryptocurrency.

After payment, this data was often offered for sale, Dutch police reported after the arrest of Van der Stap and his fellow hackers.

Prison sentence for hacking activities

The judge has now imposed a four-year prison sentence (of which one is suspended) on Van der Stap, including the length his current stay in prison. He is also given a three-year probation term.

He must also pay damages (with interest) and a fine to the State. The prosecutor had demanded a six-year prison sentence in this case.

The trial further revealed that Van der Stap is an experienced security specialist. Among other things, he worked at Hadrian Security and was a volunteer at the Dutch Institute for Vulnerability Disclosure (DIVD). As a hacker, he was a member of the hacker forums RaidForums, BreachForums, Sinister[.]ly, HackForums, Leakforums and Maza, among others.

Read also: Mastermind behind Lapsus$ ransomware attacks found guilty