Five men have been charged with stealing millions of dollars from military members and veterans as part of an international identity theft and fraud ring that used stolen personal information to gain access to Department of Defense and Veterans Affairs benefit sites.

The U.S. Department of Justice has charged Frederick Brown, Robert Wayne Boling Jr., Trorice Crawford, Allan Albert Kerr, and Jongmin Seok with conspiracy, wire fraud, and aggravated identity theft. Boling, an American citizen, Kerr, of Australia, and Seok, of South Korea, were taken into custody in the Philippines. Brown and Crawford, both American citizens, were arrested in the United States.

U.S. Attorney John Bash called the men’s alleged scheme “the largest criminal case ever involving identity theft of military-affiliated personnel.”

The five men allegedly began the fraud in 2014 when Brown, a civilian technician at a U.S. Army installation, was able to gain access to military members’ and veterans’ personal data, including names, addresses, Social Security numbers and military ID numbers. The group allegedly used the stolen data to compromise a Department of Defense portal and transfer money from military members’ bank accounts and veterans’ benefit payments to fake bank accounts. Most of the victims were disabled and elderly veterans with the group also targeting military-affiliated banking institutions such as Randolph-Brooks Federal Credit Union and USAA.

“The compromise of personally identifiable information can significantly harm our service members, veterans and their families and we will aggressively investigate such matters,” said Glenn Fine, the Department of Defense principal deputy inspector general.

The Department of Defense Office of Inspector General, Department of Justice, and Veterans Affairs worked with the U.S. Attorney’s Office for the West District of Texas to investigate the crimes and bring charges against the five men. The men face more than 20 years in prison if convicted.

Department of Defense and Veterans Affairs officials said their departments are working to identify what accounts have been affected and notifying victims. They said both departments are installing additional protective measures to prevent future data breaches.