Credit Mike Segar/Reuters
Federal prosecutors in Manhattan on Tuesday announced additional criminal charges against three men accused of being part of a huge cyberattack against JPMorgan Chase, as well as other banks, brokers and financial information publishing companies.
Gery Shalon, Joshua Aaron and Ziv Orenstein were charged with 23 counts related to wire and securities fraud as well as unlawful Internet gambling and securities market manipulation in a superseding indictment unsealed on Tuesday. An indictment this summer included 11 counts of wire and securities fraud and money laundering.
Mr. Shalon and Mr. Orenstein, both Israeli citizens, remain in custody awaiting extradition. Mr. Aaron, an American citizen, is believed to be in Russia. The Federal Bureau of Investigation has a wanted notice out for him âfor his alleged involvement in a scheme to hack major American companies in order to acquire customer contact information.â
Prosecutors say the scheme lasted from 2007 to mid-2015, earning âhundreds of millions of dollars in illicit proceeds,â some of it hidden in Swiss accounts and other bank accounts. A news conference was scheduled for Tuesday afternoon.
A separate indictment on Tuesday outlined seven charges against Anthony Murgio, a Florida man previously accused of running an unlicensed Bitcoin exchange. He has been mentioned in connection with the JPMorgan hack.
JPMorgan confirmed on Tuesday that it was identified as âVictim 1â in the superseding indictment.
âWe appreciate the strong partnership with law enforcement in bringing the criminals to justice,â the bank said in a statement. âAs we did here, we continue to cooperate with law enforcement in fighting cybercrime.â
The hacking involved contact information and email addresses connected with 83 million JPMorgan customer accounts, though prosecutors said the attack also affected brokerage and financial firms based in Boston; Omaha, Neb.; New York; St. Louis; and Charlotte, N.C.
On Tuesday, E-Trade Financial, based in New York, said it was attacked in late 2013 and found no evidence that sensitive financial information had been compromised. It added that access may have been obtained to contact information for roughly 31,000 customers.
âSecurity is a top priority, and we focus a significant amount of time and energy to help keep our customersâ data and information safe and secure,â E-Trade said in a statement.
Fidelity, based in Boston, said, âWe have confirmed with the F.B.I. that there is no indication that our customers were affected.â
JPMorgan has said it discovered the attack last year and blocked the hackers before they could get access to the most sensitive customer information.