Russian Threat Actor to Serve 12 Years in Prison for Breaching JPMorgan Chase


Russian national Andrei Tyurin was sentenced to 12 years in federal prison for his role in “massive network intrusions” against US financial institutions between 2012 and 2015, as well as brokerage firms and financial news publishers, the Department of Justice (DOJ) disclosed last week.

According to court documents, the 37-year-old played a “major role” in the cyberattack operations that compromised personal information of over 80 million J.P. Morgan Chase Bank customers in 2014.

Additional high-profile victims include E*Trade, Scottrade and the Wall Street Journal.

“From his home in Moscow, Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history, stealing the personal information of more than 80 million J.P. Morgan Chase customers,” Acting U.S. Attorney Audrey Strauss noted. “The conspiracy targeted major financial institutions, brokerage firms, news agencies, and other companies, and netted Tyurin over $19 million in criminal proceeds.”

Using multiple servers spread across five continents to cover his tracks, the culprit maintained access to his victims’ networks, exfiltrating fresh batches of information that expanded his criminal endeavors.

Tyurin and his co-conspirators have also been charged with payment processing fraud, running illegal cryptocurrency exchanges and illegal online gambling.

“TYURIN engaged in these crimes at the direction of his partner GeryShalon, and in furtherance of other criminal schemes overseen and operated by Shalon and his co-conspirators, including securities fraud schemes in the United States,” the DOJ said. “For example, in an effort to artificially inflate the price of certain stocks publicly traded in the U.S., Shalon and his co-conspirators marketed the stocks in a deceptive and misleading manner to customers of the victim companies whose contact information TYURIN stole in the intrusions.” 

On top of the 144-month prison sentence, Tyurin must pay back his criminal proceeds and will face an additional three-year supervision period once released.

1 in 4 people is likely to be a victim of data breaches. Have you ever been exposed? Find out now with Bitdefender’s Digital Identity Protection.