Russian man sentenced to 12 years in prison for massive JPMorgan data heist

It's a win for U.S. officials who look for opportunities to arrest and extradite alleged cybercriminals once they leave Russia.
JPMorgan Chase and other big Wall Street names were victimized in the scheme (Getty Images).

A U.S. federal judge on Thursday sentenced Andrei Tyurin, a 37-year-old Russian man, to 12 years in prison for his role in a hacking scheme that prosecutors say involved the theft of personal data from over 100 million customers of big U.S. financial firms.

The brazen hacking operation, which ran from 2012 to 2015, is one of the biggest to hit Wall Street in recent memory. It involved Tyurin allegedly working with an Israeli man named Gery Shalon, among others, to breach big-name companies like JPMorgan Chase, ETrade and The Wall Street Journal. The scammers then sought to inflate stock prices by marketing them to people whose data they had stolen.

Tyurin’s breach of JPMorgan Chase alone saw data on 80 million customers stolen, according to prosecutors. The Russian man made $19 million altogether from the hacking, the Justice Department said in a statement.

The case is a win for U.S. law enforcement officials who look for opportunities to arrest and extradite alleged cybercriminals once they leave Russia, which does not have an extradition agreement with the U.S. Tyurin was extradited from the Republic of Georgia in 2018. Shalon was arrested in Israel in 2015 and extradited to the U.S. in 2016, but his case has yet to come to trial.


Tyurin pleaded guilty in September to carrying out wire and bank fraud, computer intrusions and illegal online gambling.

“From his home in Moscow, Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history,” Audrey Strauss, the acting U.S. Attorney for the Southern District of New York, said in a statement on Thursday.

The prosecution of Tyurin is part of a long-running effort by U.S. law enforcement agencies to dismantle lucrative cybercriminal rings. U.S. and European agencies in October cracked down on QQAAZZ, a gang that has allegedly laundered millions of dollars for criminal hackers, by announcing charges against 14 of its members.  

The crackdowns, while significant, will only go so far in putting a dent in cybercriminal schemes that, according to one study, cost the global economy hundreds of billions of dollars a year.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts