Back in October 2014, we told you about a data breach at JPMorgan Chase that affected 76 million households and 83 million customers — the largest financial breach ever. Now, it has been revealed that the scope of that attack was so much bigger than anyone realized. JPMorgan Chase was just part of the hackers’ massive scheme that hit 14 other companies and affected more than 100 million people. Two of the three main alleged hackers have been caught and the scope of their criminal activity is now coming to light.
Manhattan U.S. Attorney Preet Bharara held a press conference on November 10 to share details about the “largest theft of customer data from a U.S. financial institution in history.” Bharara said the hackers — Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein — were trying to support stock manipulation schemes, payment-processing schemes, and gambling. Their hacks occurred between 2012 and mid-2015, but they have been accused of other criminal activity that goes back to 2007. Mashable says that the hacker group even hacked into the e-mail accounts of a security firm that was tracking their illegal activities. They used that information to avoid the security firm’s investigation.
USA Today reports that Shalon and Orenstein were arrested in Israel, where they are from, in July. Aaron, a U.S. citizen, is still wanted by the FBI and is believed to be in Eastern Europe.
Prosecutors would not name which specific companies were targeted in this enormous breach, but some have voluntarily come forward. Companies include:
- JPMorgan Chase
- TD Ameritrade
- News Corp.’s Dow Jones unit
- The Wall Street Journal
Others not specifically named include one of the world’s largest financial services corporations providing mutual fund services in Boston, two software developers, and a financial news publication in Baltimore.
The majority of people affected by this multi-company hacking scheme are customers of JPMorgan Chase. It is estimated that a total of 100 million people had their private data stolen, and 83 million of those were JPMorgan Chase customers.
During his press conference, Bharara also made a point to appeal to all present and future hacking victims to reach out to law enforcement for help.
“The best bet to identify, stop, and punish cybercriminals is to work closely, and early, with law enforcement,” Bharara said. “That happened here, and today’s charges are proof of that.”
The three hackers face 23 counts of fraud, hacking to manipulation, and other illegal activities. Two other men are facing charges, but their direct link to the scheme has not been established yet.