Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Russian Hacker Gets 12 Years in Massive Data Theft Scheme

A prolific Russian hacker who stole data from over a dozen U.S. companies and information about over 100 million U.S. consumers was sentenced Thursday to 12 years in prison after admitting involvement in one of the biggest thefts of consumer data from a U.S. financial institution.

A prolific Russian hacker who stole data from over a dozen U.S. companies and information about over 100 million U.S. consumers was sentenced Thursday to 12 years in prison after admitting involvement in one of the biggest thefts of consumer data from a U.S. financial institution.

Andrei Tyurin, 37, was sentenced in Manhattan federal court after pleading guilty in September 2019 to computer intrusion, wire fraud, bank fraud and illegal online gambling offenses.

Prosecutors say Tyurin helped steal the personal data of more than 80 million customers from JP Morgan Chase alone.

They said Tyurin targeted financial institutions, brokerage firms and financial news publishers including the Wall Street Journal in the United States from 2012 to mid-2015, getting the personal information of more than 100 million customers of the companies.

Tyurin operated from his Moscow home, collecting over $19 million as he utilized a computer infrastructure across five continents, authorities said.

In a release, Acting U.S. Attorney Audrey Strauss said Tyurin “played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history.”

In court papers, Tyurin’s lawyer, Florian Miedel, wrote that Tyurin only pocketed about $5 million because the rest was only promised by a co-conspirator who relied on Tyurin to get names and contact information so he could recruit customers for his illegal online gambling business.

Miedel requested leniency for his client, saying Tyurin never stole money through his hacking.

Advertisement. Scroll to continue reading.

In a letter to the judge, Tyurin said he was “terribly ashamed” of the personal information he was stealing online and believed he had “chosen a wrong path in life.”

He also wrote that he has changed since a daughter he can no longer see was born four years ago.

In court papers, prosecutors wrote that as investigators closed in on Tyurin and the co-conspirator with the online gambling business, Tyurin and his accomplice “were fundamentally driven by pragmatic considerations regarding the risk of their detection and ultimately their apprehension, rather than concerns regarding relative moral culpability of their use of the stolen data.”

They urged a stiff sentence, citing the difficulty of apprehending someone who operates a half a world away.

“As a result of the significant resources required to mount a successful hacking prosecution, convictions are relatively rare. Consequently, the importance of affording general deterrence through meaningful sentences is particularly acute in criminal hacking cases,” according to a sentencing submission signed by Assistant U.S. Attorney Eun Young Choi.

Tyurin has been in U.S. custody since he was extradited from the country of Georgia in September 2018. He will be deported once he serves his sentence.

U.S. District Judge Laura Taylor Swain ordered him to forfeit his profits. Restitution was to be determined at a later date.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.