One of the biggest financial-data breaches in history was “securities fraud on cyber steroids.”
That’s according to Preet Bharara, the US attorney for the Southern District of New York, who has charged Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein in connection to “the largest theft of customer data from a US financial institution in history.”
The defendants took a “classic stock-fraud scheme” and brought it into cyberspace, Bharara said at a Tuesday press conference.
He said they hacked 12 financial institutions, including JPMorgan, and stole personal information for over 100 million customers, targeting people engaged in significant stock trading.
They then used that private information to blast emails and tout penny stocks in multimillion-dollar “pump and dump” schemes, Bharara said.
They also allegedly performed “reverse mergers” of private companies with public shell corporations that Shalon controlled.
Payments processing for criminals and other charges
The three defendants were charged in a 23-count indictment.
In addition to the market-manipulation scheme, Bharara accused Shalon and Orenstein of operating unlawful internet casinos.
In a statement, he said that they engaged in “massive hacks and cyberattacks against other internet gambling businesses to steal customer information, secretly review executives’ emails, and cripple rival businesses.”
Separately, Bharara accused the same two men of operating illicit payment-processing schemes for criminals.
Users included “unlawful pharmaceutical distributors, purveyors of counterfeit and malicious purported ‘anti-virus’ computer software, their own unlawful internet casinos,” and an illegal Florida-based Bitcoin exchange owned by Shalon.
Another charge is related anti-money laundering laws that Shalon’s Bitcoin exchange, Coin.mx, violated.
Hacking banks, brokerages, and business news
In October 2014, JPMorgan revealed in an US Securities and Exchange Commission filing that more than 70 million households and 7 million small businesses may have had their private data compromised in a cyberattack.
Bharara put the total number of customers affected from that incident at 83 million and called it “the single-largest theft of data from a US financial institution.”
At the time, the bank said that it hadn’t seen “any unusual customer fraud related to this incident.” It has since invested heavily in security and built a digital security team with ex-military cybersecurity experts.
Last month, Dow Jones, which publishes The Wall Street Journal and Barron’s, said that hackers had intruded upon their networks, seeking contact and payment information for 3,500 customers.
Also last month, retail brokerage Scottrade said it had been the victim of a cyberattack in late 2013 and early 2014 that affected a system with data on 4.6 million clients.
Aaron is a fugitive and wanted by the FBI. Shalon and Orenstein were arrested in Israel in July, and Bharara is seeking extradition.
NOW WATCH: Money & Markets videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.