Three people in the US have been charged over a string of hacking and fraud schemes that targeted banking giant JPMorgan Chase, among others. Prosecutors say the "sprawling cybercriminal enterprise" dates to 2007.
Israeli nationals Gery Shalon and Ziv Orenstein, and US citizen Joshua Samuel Aaron, were Tuesday charged in a 23-count indictment for alleged crimes ranging from fraud and identity theft to conspiracy.
The three defendants are accused of running a hacking scheme that compromised the personal data of tens of millions of customers from JPMorgan Chase and other firms. The indictment, unsealed in New York federal court, said the trio led a "sprawling cybercriminal enterprise" spanning eight years.
"By any measure, the data breaches at these firms were breathtaking in scope and in size," US Attorney Preet Bharara said at a press conference.
The accused allegedly targeted at least a dozen financial companies including banks and brokerages, and ran schemes that involved artificially pumping up stock prices, online casinos, payment processing for criminals and at least 75 shell companies and accounts around the world.
A fourth person, Anthony Murgio from Florida, was charged over a bitcoin scheme to launder the hackers' proceeds. Their activities generated millions in illegal profit.
The defendants are the first to be charged over a 2014 attack targeting JPMorgan Chase, which compromised information in more than 75 million customer accounts. Prosecutors described the hack as the largest theft of customer data from a US financial institution. JPMorgan on Tuesday confirmed that the latest charges relate to last year's breach.
"We appreciate the strong partnership with law enforcement in bringing the criminals to justice," bank spokeswoman Patricia Wexler said in a statement. "We continue to cooperate with law enforcement in fighting cybercrime."
Authorities said Shalon and Aaron carried out the attack using a computer server in Egypt. The new charges portray Shalon as the ringleader of the group, having orchestrated hackings since 2012 against nine companies in which information from more than 100 million customers was stolen.
Other firms previously identified as victims include New Corp's Dow Jones media group, and online brokers ETrade Financial Corp and Scottrade.
nm/kms (Reuters, AFP)