HONOLULU (KHON2) — The prosecutor’s office is formally charging four people in connection with the Zippy’s data breach.

Prosecutors say hackers stole debit and credit card information from Zippy’s customers between 2017 and 2018. They then uploaded the profiles to the dark web and sold them. It’s a security data breach affecting thousands of Zippy’s customers.

Chris Van Marter, Prosecutor’s Officer said, “Every single card profile was compromised by the hackers.”

The Honolulu Prosecutors Office now formally charging four people accused of using the stolen card profiles to make fraudulent purchases. The four charged are Sean Kim, Shamika Ramirez, Joselyn Llanesa and Lilia Fontanilla.

“The hackers then made those available on the internet to people who were willing to purchase them. Sean Vincent Kim was one of the people who used the internet to purchase the fraudulent accounts,” said Van Marter.

The breach resulted in 595 fraudulent transactions on Oahu. Over 2,000 fraudulent purchases across the globe.

“The investigation established that fraudulent transactions occurred in 17 countries and 28 states across the country,” said Van Marter.

Zippy’s released a statement saying, “Zippy’s would like to thank the law enforcement agencies for bringing charges against the suspected cybercriminals…the criminals charged in Honolulu yesterday are suspected of buying stolen data on the Dark Web from Fin7 and their associates.”

Zippy’s settled a class-action claim with the customers affected by this massive data breach.