Four people have been charged in a broad hacking scheme that targeted JPMorgan Chase and other financial institutions between 2012 and 2015, according to an indictment unsealed Nov. 9th.
The indictment described 12 victims, which were mostly financial services companies, but also included a financial news organization and software development firms. The U.S. Attorney’s Office said the scheme involved the “largest theft of customer data from a U.S. financial institution in history.” The hackers stole the personal information of over 100 million customers across the companies.
JPMorgan acknowledged in Oct. 2014 that the company suffered a cyberattack over the summer that year, which affected 76 million households. The perpetrators were were not named until today.
According to the 68-page indictment, Gery Shalon, Joshua Aaron, and Ziv Orenstein, [all Jewish], have been charged with 23 different crimes, including computer hacking and fraud, dating back to 2007. The fourth hacker, Anthony Murgio, was indicted separately on Tuesday. That indictment outlined seven charges against Murgio, who was previously accused of running an unlicensed Bitcoin exchange, according to the New York Times.
The hackers used information and data collected from JPMorgan and the other companies to manipulate stocks. They bought small amounts of companies’ shares, then used stolen email addresses to inform investors to buy into those stocks. As the stock price rose, the hackers would sell off their investment, making a profit.
Dow Jones confirmed to Quartz that it was affected in the breach. A spokesperson wrote in an email: “The indictment unsealed today refers to the public disclosure we made on October 9. The government’s investigation is ongoing, and we continue to cooperate with law enforcement.”
The Wall Street Journal reported that other companies affected include E*Trade, and Scottrade. E*Trade notified customers in early Oct. 2014 that it suffered a breach in 2013. Scottrade didn’t return a request for comment from Quartz.
Financial institutions are required by law to hold on to huge amounts of personal data for their customers, which makes them prime targets for hackers. JPMorgan has recently stepped up its focus on security, including hiring ex-military experts and building a new facility for cybersecurity near the U.S. National Security Agency’s headquarters.
By Ian Kar