The U.S. Department of Justice on Thursday announced the indictment of five men who, the department alleges, conspired in a worldwide hacking and data breach scheme that targeted major corporate networks, stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses.

The defendants, in what the DOJ said is the largest such scheme ever prosecuted in the United States, are being charged with attacks on firms including New York-based Nasdaq; Dallas-based 7-Eleven Inc.; Boulogne-Billancourt, France-based Carrefour S.A.; Plano, Texas-based J.C. Penney Co. Inc.;, Scarborough, Maine-based Hannaford Brothers Co.; Princeton, N.J.-based Heartland Payment Systems Inc.; Foothill Ranch, Calif.-based Wet Seal Inc.; Ashford, England-based Commidea Ltd.; Brussels-based Dexia Bank Belgium S.A.; New York-based JetBlue Airways; New York-based Dow Jones Inc.; Leawood, Kan.-based Euronet Worldwide Inc.; San Francisco-based Visa Inc.; Atlanta-based Global Payment Systems; Riverwoods, Ill.-based Discover Financial Services Inc.; Miami-based Ingenicard US Inc.; and “Bank A,” which is described in the indictment as a bank headquartered in Abu Dhabi, United Arab Emirates.

The DOJ said the indicted men, who were either from Russia or Ukraine, allegedly took user names and passwords, means of identification, credit and debit card numbers and other cardholders’ corresponding personal identification information. After securing the card numbers and associated data, they allegedly sold it to resellers around the world.

“This type of crime is the cutting edge,” said U.S. Attorney Paul J. Fishman of the District of New Jersey in Newark, in a statement. “Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security. And this case shows, there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful.”

Those named in the indictment were Vladimir Drinkman, of Moscow and Syktyykar, Russia; Alexandr Kalinin of St. Petersburg, Russia; Roman Kotov of Moscow; Mikhail Rytikov of Odessa, Ukraine; and Dmitriy Smilianets of Moscow.

If convicted, maximum penalties for the charged counts are 30 years in prison for conspiracy to commit wire fraud; 30 years in prison for wire fraud; five years in prison for conspiracy to gain unauthorized access to computers and five years in prison for unauthorized access to computers, according to the DOJ.