11 January 2021

Hacker behind massive JPMorgan Chase breach sentenced to 12 years



A Russian hacker has been sentenced to 12 years in prison for his role in an international hacking scheme that compromised the computer systems of major financial institutions, brokerage firms, news agencies, and other companies to steal data.

Moscow resident Andrei Tyurin (aka Andrei Tiurin), 37, pleaded guilty in 2019 after his extradition from the country of Georgia the previous year, admitting to computer intrusion, wire fraud, bank fraud and illegal online gambling offenses.

“From his home in Moscow, Andrei Tyurin played a major role in orchestrating and facilitating an international hacking campaign that included one of the largest thefts of U.S. customer data from a single financial institution in history, stealing the personal information of more than 80 million J.P. Morgan Chase customers. The conspiracy targeted major financial institutions, brokerage firms, news agencies, and other companies, and netted Tyurin over $19 million in criminal proceeds. Now Tyurin has been sentenced to 12 years in prison for his crimes,” the Department of Justice said in a statement.

According to the DoJ, Tyurin committed his illegal activities with the help of his co-conspirators Gery Shalon (also known as Garri Shalelashvili, Gabriel, Gabi, Phillipe Mousset, and Christopher Engeham), Joshua Samuel Aaron (aka Mike Shields), and Ziv Orenstein (aka Aviv Stein and John Avery).

From approximately 2012 to mid-2015, Tyurin was involved in a massive computer hacking campaign targeting financial institutions, brokerage firms, and financial news publishers in the U.S., including J.P. Morgan Chase Bank, E*Trade, Scottrade, and the Wall Street Journal, from which the scammers stole the personal information of over 100 million customers. The hack of J.P. Morgan Chase Bank alone resulted in the theft of personal information of over 80 million customers, the DoJ said.

In addition, from around 2007 to mid-2015, Tyurin conducted cyber attacks against numerous US and foreign companies for the benefit of various criminal enterprises operated by Shalon and his co-conspirators, including unlawful internet gambling businesses and international payment processors.

Tyurin also controlled computer infrastructure located across five continents and maintained persistent access over extended periods of time to the victims’ networks, regularly refreshing the stolen data by repeatedly downloading information from these companies. When his illegal activities were detected, Tyurin together with Shalon attempted to destroy the evidence of their criminal activity.

In addition to the prison term, Tyurin must serve three years of supervised release and pay forfeiture in the amount of $19,214,956.
