A suspected Russian hacker was extradited Friday to the United States to face federal charges alleging he played a key role in massive hacks of consumer information from U.S. financial institutions, the Justice Department said.
Andrei Tyurin, 35, was arrested in the former Soviet republic of Georgia and arrived in New York on Friday. He was scheduled in the afternoon to make a brief appearance in federal court in Manhattan on an array of hacking-related charges, including allegations he participated in the largest cyber theft of consumer information from a U.S. financial institution in history: the heist in 2014 of personal information belonging to 80 million customers of JPMorgan Chase.
“Andrei Tyurin, a Russian national, is alleged to have participated in a global hacking campaign that targeted major financial institutions, brokerage firms, news agencies, and other companies,” Geoffrey Berman, the U.S. attorney for the Southern District of New York, said in a statement. “Tyurin’s alleged hacking activities were so prolific, they lay claim to the largest theft of U.S. customer data from a single financial institution in history, accounting for a staggering 80 million-plus victims.”
Berman called the arrest a “significant milestone for law enforcement in the fight against cyber intrusions targeting our critical financial institutions.”
The scam’s mastermind was Gery Shalon, an Israeli citizen who was extradited to face charges in the scheme in 2016, U.S. officials have said. Two others — Joshua Samuel Aaron, a U.S. citizen, and Ziv Orenstein, an Israeli — have also been charged in the case. No trial date has been set. An attorney for Tyurin could not be reached.
Working at the direction of Shalon, U.S. officials said, Tyurin engaged in an extensive computer hacking campaign from 2012 through 2015 that targeted banks and other financial institutions, brokerage firms and financial news publishers.
One of Shalon’s more lucrative scams, the officials said, involved artificially inflating the value of penny stocks and then duping investors into purchasing the shares through spam emails sent to addresses Tyurin had stolen.