Prosecutors alleged that by breaking into the victim companies’ Snowflake instances, the hackers stole troves of sensitive personal and corporate data, including social security numbers, driver’s license numbers, passport numbers, and banking information, which makes these Snowflake-related breaches some of the worst cyberattacks of the year. In some cases, the hackers also asked victims for a ransom by threatening them with leaking the stolen information, threats that they followed up on at times.

Wired previously reported that AT&T paid a hacker $370,000 in an attempt to get them to delete the stolen records. Prosecutors said in the indictment that Victim-2 paid a ransom to the hackers.