The Department of Justice has indicted eight individuals in who allegedly stole more than $9 million by illegally accessing the computer network at Royal Bank of Scotland (RBS) WorldPay in Atlanta.

The DOJ yesterday announced that Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person known only as "Hacker 3;" had been indicted by a federal grand jury in Atlanta, Ga., on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland.

Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, each of Tallinn, Estonia, were also indicted for access device fraud.

The group is said to have hacked into RBS WorldPay's system, compromising the data encryption used by the bank to protect customer data on payroll debit cards. They then raised the limits on all compromised accounts before providing a network of "cashers" with 44 fake payroll debit cards. These cashers went on to withdraw more than $9 million from 2,100 ATMS in more than 280 cities worldwide in less than 12 hours. The list of cities included cities in the US, Russia, the Ukraine, Estonia, Italy, Hong Kong, Japan and Canada.

The DOJ said in a statement that Tsurikov, Pleshchuk, Covelin and "Hacker 3" each face a maximum sentence of up to 20 years in prison for conspiracy to commit wire fraud and each wire fraud count; up to five years in prison for conspiracy to commit computer fraud; up to five or 10 years in prison for each count of computer fraud; a two-year mandatory minimum sentence for aggravated identity theft; and fines up to $3.5 million dollars. The charges against Grudijev, the Tsois and Jevgenov carry a maximum of up to 15 years in prison for each count and a fine of up to $250,000. The indictment also seeks criminal forfeiture of $9.4 million from the defendants.

Read the complete statement here.