The government is keeping its inquiry into the cyberattack that impacted 83 million JPMorgan Chase accounts — about 76 million households and 7 million small businesses — going strong.
The New York Times reported Tuesday (July 28) that federal authorities have found a collegiate connection between some of the people suspected in last year’s massive attack against JPMorgan Chase, which is considered the largest known financial data attack.
According to NYT, three of the five men federal prosecutors charged last week in criminal cases stemming from the investigation into the JPMorgan Chase attack attended classes at Florida State University around the same time.
Two of the identified cybercriminals, Joshua Samuel Aaron and Anthony R. Murgio, were members of the same fraternity, Phi Sigma Kappa, according to the fraternity’s records and LinkedIn. Yuri Lebedev, the third man charged, also attended the university, and NYT reported that his LinkedIn page described time spent working for a company led by Murgio’s brother, who is also a Florida State University alumnus.
"What the investigators will do is look at people who know each other and have had contact with each other during critical junctures,” Michael Bachner, a former lawyer who has represented those charged with insider trading and stock manipulation, told NYT.
“People who have gone to school or are in business together are expected to speak to each other, and these investigators are going to follow all leads,” Bachner explained.
Federal authorities reportedly suspect Aaron and Israeli citizen Gery Shalon, who were both charged with running a multiyear stock manipulation scheme, may have sought to use the millions of email addresses stolen in the JPMorgan Chase hack to send out promotional spam emails in relation to the ongoing stock scheme.
But people familiar with the matter told NYT they believe individuals in Russia are behind the actual JPMorgan Chase attack, which took place last summer, and carried out the cybercriminal activities on the instructions of Aaron and others, who were said to be frequent visitors to the country.
Last October JPMorgan Chase confirmed the data stolen during the cyberattack appeared to be “user contact information — name, address, phone number and email address — and internal JPMorgan Chase information relating to such users."
"However, there is no evidence that account information for such affected customers — account numbers, passwords, user IDs, dates of birth or Social Security numbers — was compromised during this attack,” the company said in an SEC 8-K filing at the time.
As recourse to the attack, JPMorgan’s Security Chief James Cummings implemented a comprehensive security operation earlier this year with a focus on staffing it with ex-military officers.
To check out what else is HOT in the world of payments, click here.