Three men have been sentenced for their roles in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people, including Comcast (CMCSA) customers, prosecutors said on Thursday.
Timothy Livingston, 31, was sentenced by U.S. District Judge William Martini in Newark, New Jersey, on Tuesday to four years in prison after pleading guilty to charges stemming from his role in a scheme that prosecutors said generated $1.3 million.
Tomasz Chmielarz, 34, and Devin McArthur, 28, were each sentenced on Thursday to two years of probation and ordered to pay restitution of $64,529, $7,070, respectively. Chmielarz must also pay a $3,000 fine, prosecutors said.
Their sentences were announced by the office of U.S. Attorney Paul Fishman in New Jersey. Their lawyers did not immediately respond to requests for comment.
Prosecutors said Florida resident Livingston owned a spam company called A Whole Lot of Nothing LLC and hired Chmielarz of New Jersey to write computer programs that send spam in a manner that conceals their origin and bypasses spam filters.
Get Data Sheet, Fortune’s technology newsletter.
Prosecutors said Chmielarz and Livingston hacked into email accounts and seized control of corporate mail servers to further their spam campaigns, and created software that exploited vulnerabilities in a several corporate websites.
Livingston, Chmielarz and McArthur, a Maryland resident, also worked together to steal databases containing the personal information of millions of Americans for use in spam campaigns, prosecutors said.
Prosecutors said McArthur admitted that he also gave Livingston unauthorized access to a remote administration tool on a computer connected to the network of a Pennsylvania-based telecommunications company where he worked.
That enabled Livingston and Chmielarz to steal the personal information of customers of the company for use in spam campaigns, prosecutors said.
The company was not named in court papers, but Comcast has previously confirmed it was the firm involved.
Other companies targeted included a New York telecommunications company, a New York technology and consulting company, and a Texas credit monitoring firm, the indictment said.