New Information On Chase Breach

Many of you will remember that J.P. Morgan Chase was breached last year and the information on 76 million customers and 7 million businesses was taken.  The information included name and address information, but did not contain very much non public personal information.

Well, we are now hearing more information.

The U.S. Attorney for the Southern District Of New York released a 23 count indictment charging 3 people with securities fraud, identity theft and computer hacking.  Two of the people have been arrested; the third is still at large.

We have been wondering why they took the information.  It turns out that they used the information to manipulate stock prices and it worked pretty well.  The U.S. Attorney claims that they made hundreds of millions of dollars on the scam.

While up until now, Chase has said that the hackers got into the bank’s systems in July 2014 and were discovered in August 2014, it is now coming out that the hackers were inside the bank’s systems since 2012.

It is also coming out that Chase was not alone. Eight other financial institutions were hacked as well.  All told, 14 companies were breached.

The hackers set up 75 shell companies, banks and brokerages across the globe to filter the illicit money.  The three men used 200 fake identities and had 30 fake passports purporting to be issued by 16 countries, including the U.S.  So much for hack proof passports, I guess.

Prosecutors say that the 3 men’s adventures in hacking date back to 2007.

This is pretty impressive.  Other financial institutions attacked include E-Trade, Scotttrade, TD Ameritrade, Dow Jones, Fidelity Investments and bit coin exchange Coin.mx, among others, although the details of those attacks were not announced.

Information for this post came from SC Magazine and Dark Reading.

by