Dive Brief:
- Four people were charged in a hacking plot that targeted several large U.S. financial institutions between 2012 and 2015.
- The indictment includes 12 victims, including JP Morgan and other financial services companies as well as a financial news organization and software development firms.
- The hackers allegedly stole the personal information of over 100 million customers.
Dive Insight:
The US Attorneys Office described the act as the “largest theft of customer data from a US financial institution in history.”
Gery Shalon, Joshua Aaron, and Ziv Orenstein have been charged with 23 different crimes, including computer hacking and fraud. A fourth person, Anthony Murgio, was indicted separately on Tuesday.
In October of last year, JP Morgan said it had suffered a cyberattack over the summer that year, which affected 76 million households, but the perpetrators had not been named until now.
The hackers allegedly bought small amounts of companies’ shares, then used stolen email addresses to inform investors to buy into those stocks. When the stock price rose, the hackers would sell off their investment, making a profit.
Other companies reportedly affected include E*Trade and ScottTrade.
Financial institutions are required by law to collect and hold on to large amounts of personal data for their customers, making them appealing targets for hackers.