Russian Andrei Tyurin has pleaded guilty to taking part in a cybercriminal campaign that targeted the U.S. financial sector and stole personal data from roughly 100 million customers of various firms, the DOJ announced this week.
Tyurin, 35, pleaded guilty in a Southern New York federal court to one count of conspiracy to commit computer hacking, one count of wire fraud, one count of conspiracy to violate the Unlawful Internet Gambling Enforcement Act and one count of conspiracy to commit wire fraud and bank fraud. Also, he pleaded to a separate count of conspiracy to commit wire fraud, and one additional count of conspiracy to commit computer hacking. Certain charges were transferred from the Northern District of Georgia. Collectively, the charges carry a maximum sentence of 95 years.
A September 2018 DOJ press release announcing Tyruin’s extradition accused Tyruin and three other defendants of undertaking a massive hacking operation from roughly 2012 through mid-2015. This included the largest-ever theft of customer data from a single U.S. financial institution. The victimized firm is widely known to be Manhattan-based JPMorgan, from which Tyruin and others allegedly stole data belonging to 80 million customers. Tyurin and others allegedly used the data to perpetuate other criminal operations, including artificially inflating the price of stocks by deceptively marketing the stocks to individuals whose contact information was stolen in the breaches.
Tyruin was arrested and later extradited from the country of Georgia in 2018.
Citing recently filed court documents, Bloomberg reported back on Sept. 16 that Tyurin had reached a plea deal with federal prosecutors. Citing people familiar with the case, Bloomberg also reported that Tyurin’s alleged co-conspirator Gery Shalon, who is also in U.S. custody, has been cooperating with federal authorities, and agreed along with other co-defendants to a series of deals to repatriate stolen funds.
Tyurin is scheduled for sentencing on Feb. 13, 2020.
