3 Charged in Largest-Ever U.S. Bank Data Breach

• By Sydny Shepard
• Nov 11, 2015

U.S. prosecutors unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars in profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein were charged in a 23-count indictment with alleged crimes targeting 12 companies, including nine financial service companies and media outlets including The Wall Street Journal.

According to the indictment, the men stole customer records of more than 83 million customers of JPMorgan Chase & Co. from June 2014 to August 2014. The court papers said identifying information on millions of other people was stolen in cyber attacks from 2012 to last summer against several other financial institutions, financial services corporations and financial news publishers.

Prosecutors revealed the enterprise dated from 2007, and caused the exposure of personal information belonging to more than 100 million people.

“By any measure, the data breaches at these firms were breathtaking in scope and in size and signal a ‘brave new world of hacking for profit’.” U.S. Attorney Preet Bharara said at a press conference.

The alleged enterprise included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange and the laundering of money through at least 75 shell companies and accounts around the world.

Authorities said Shalon and Aaron executed the hacking, using a computer server in Egypt that they had rented under an alias that Shalon often used.