A 22-year-old Frenchman was sentenced on Tuesday to three years in U.S. federal prison for his participation in the ShinyHunters hacking group.

Sebastien Raoult, also known as “Sezyo Kaizen,” was extradited to the U.S. in January 2023 after his arrest in Morocco the year before. He pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft and is also required to pay $5 million in restitution.

According to an indictment from prosecutors in the Western District of Washington, Raoult and two co-conspirators hacked more than 60 companies around the world and posted stolen data on dark web forums like RaidForums, EmpireMarket and Exploit. In some cases, they threatened to leak data if a ransom was not paid.

In 2020 and 2021, ShinyHunters perpetrated a series of hacks on well-known entities, including breaches of the clothing retailer Bonobos, the photo app Pixlr and Microsoft’s GitHub account. It also claimed to have information from 70 million AT&T accounts, although the company denied it had been breached.

According to the DOJ, Raoult and accomplices created spoof websites pretending to be the login pages of legitimate businesses, and sent phishing emails to company employees. When the victims entered their credentials, the hackers were able to gain access to their accounts. They stole “hundreds of millions of customer records” and inflicted an estimated $6 million in losses.

“This is an extraordinarily serious offense. We’re talking about him robbing people of millions of dollars,” said U.S. District Judge Robert S. Lasnik at the sentencing hearing, according to a Department of Justice release.

Raoult’s father told DataBreaches.net that the sentence includes served time in Morocco and Seattle, meaning that he only has another 11 months to serve in prison.

According to the DOJ, Raoult told the court: “I understand my mistakes and I want to put that part behind me. No more hacking. I don’t want to disappoint my family again.”