[BreachExchange] Russian Hacker Pleads Guilty to JPMorgan’s Data Breach

Destry Winant destry at riskbasedsecurity.com
Wed Sep 25 10:35:08 EDT 2019


https://www.cisomag.com/russian-hacker-pleads-guilty-to-jpmorgans-data-breach/

Andrei Tyurin, a Russian hacker, pleaded guilty in the Federal Court
for being involved in the theft of more than 80 million clients’
information of JPMorgan Chase & Co in 2014, making it one of the
largest thefts of customer data in U.S. history. The hacker was also
accused of stealing customer information from other banks, brokerage
firms and financial companies in the U.S., including Fidelity
Investments, E-Trade Financial, and Dow Jones & Co.

“Andrei Tyurin’s extensive hacking campaign targeted major financial
institutions, brokerage firms, news agencies, and other companies.
Ultimately, he gathered the customer data of more than 80 million
victims, one of the largest thefts of U.S. customer data from a single
financial institution in history.  With today’s plea, Tyurin’s global
reign of computer intrusion is over and he faces significant time in a
U.S. prison for his crimes,” said Manhattan U.S. Attorney Geoffrey S.
Berman.

According to the official statement, Tyurin will forfeit US$ 19
million and might face 15 to 20 years of the sentence. In total,
Tyurin pleaded guilty for bank fraud, identity theft, computer
intrusion, wire fraud, and illegal online gambling. Andrei Tyurin was
extradited to New York from the Republic of Georgia last year for his
involvement in the JPMorgan data breach.

In 2014, JPMorgan, the American multinational investment bank,
reported a massive data theft that exposed more than 80 million
customer records. The company reported that attackers compromised an
employee’s personal computer and went on to gain unauthorized access
to the company’s server. The bank declared that names, email and
postal addresses, and phone numbers of account holders were
compromised.

However, the account login credentials such as social security codes,
PINs and passwords remained safe. The phishing attack was carried out
in June, discovered in late July, and could not be stopped till the
middle of August 2014. Prosecutors said that Tyurin was allegedly
worked for Gery Shalon, an Israeli who’s facing charges over the hack
in a Manhattan federal court along with two other Israelis, Joshua
Samuel Aaron, and Ziv Orenstein.


More information about the BreachExchange mailing list