An Adelaide couple has been sentenced to prison for a hacking scheme that saw them steal over $1.15 million from small businesses.

Emily Walker, 29, and Jason Lees, 34, plead guilty to hacking and fraud charges last week for the scheme that involved remotely breaking into and modifying payroll data from over 20 organisations around the country including charities, ABC News reported.

They used hacking tools and stolen personal information to make fraudulent documents and divert funds from organisations using automated software that was installed on their victims’ machines.

Lees was sentenced to 8.5 years in prison and Walker was sentenced to just under five years. The latter had claimed a lesser role in the racket, saying she was involved in diverting less than $100,000 from the small organisations they targeted.

The presiding judge said the pair’s cybercrimes had a “devastating effect” on victims, according to ABC News.

“Some have been significant embarrassed and lost the trust and respect of their clients and contractors,” she said.

“All were likely to be easy targets [and] no doubt it had been too burdensome to have better cyber security in place.”

Lees and Walker used the stolen funds to fuel their drug habit with the former reportedly consuming $1,000 worth of methamphetamine a week.

SA Police arrested the pair in February 2020 as part of a joint investigation with NSW Police into an $11 million nationwide payroll and superannuation fraud scheme.

NSW Police arrested one of Walker and Lees’ accomplices in February 2020. He was sentenced to 11 years in prison last August.

When police busted up the fraud scheme, the Head of NSW Police’s Cybercrime Squad, Matthew Craft, warned people that their personal information could be used by criminals.

“During the course of this investigation, more than 80 individual personal and financial profiles have been identified as being obtained for the purpose of committing fraud,” he said.

“Identity information is a valuable commodity on the black market and dark web, and anyone who stores this data needs to ensure it is protected.

“Anyone who believes their identity has been compromised online is urged to contact their financial institution and police.”