At least $15 million was stolen via online infiltration of 15 financial companies -- including JPMorgan Chase (JPM), Citigroup (C), E*Trade (ETFC), PayPal (EBAY), TIAA-CREF, and TD Ameritrade (AMTD) -- overly a nearly two-year period. The perpetrators of the scheme were a group of hackers and identity thieves led by two Ukrainian nationals, according to authorities. Eight men have been charged, and four are in custody, the LA Times reports.
"Cybercriminals penetrated some of our most trusted financial institutions as part of a global scheme that stole money and identities from people in the United States," said New Jersey U.S. Attorney Paul J. Fishman in a statement. The criminal complaint against the men alleges that they moved money from online accounts onto prepaid debit cards, then used the cards to withdraw cash from ATMs or make purchases throughout the United States. According to the LA Times, "Much of the money that was cashed out was wired to the two leaders."
One of those leaders is said to be Oleksiy Sharapka, a 33-year-old from Kiev who previously served a 102-month prison sentence for leading a similar conspiracy, after which he was deported from Massachusetts. Sharapka was allegedly working with Leonid "Lenny" Yanovitsky, 38, also of Kiev. According to The Boston Globe, two Bay State men have been arrested and are thought to have been "footmen in [the] scheme". A third Massachusetts man who was charged is still at large. The other suspects are from Brooklyn and Atlanta.
The other institutions that were hacked are Aon Hewitt, Automated Data Processing, Electronic Payments, Fundtech Holdings, iPayment, Nordstrom Bank, USAA, Veracity Payment Solutions and the Defense Department's Defense Finance and Accounting Service. According to an amended criminal complaint filed on Thursday, Sharapka & co. illegally obtained the login credentials of more than 130 ADP customers, which they used to access accounts and transfer $4 million. At least 40 Chase accounts were compromised, and $60,000 stolen, through similar means.
This is the second revelation in recent weeks about an international crime ring hacking bank accounts for millions. And while there's not much you can do regarding banks' internal safeguards, you can certainly take some precautions to reduce the odds that you personally will be a victim of hacking. Check out the gallery below for some tips:
You Thought You Were Safe? The Myths and Realities of Your Online Security
Cybercriminals Hacked 15 Financial Firms for $15 Million Over 2 Years
For years, security professionals have emphasized the importance of shredding your personal documents before you throw them out. But Holland notes that shredding isn't as much of a priority as it used to be. "There aren't nearly as many documents with personal information out there as there were even just two years ago," he explains. "These days, it's much easier to get your information off your computer."
Passwords are your first line of defense against intruders. But, as Holland points out, even the most careful people sometimes have password breaches. "I've helped chief privacy officers from health care and security firms," he notes. "If they're getting hit, then anyone is vulnerable." While Holland notes the importance of having a good password, he emphasizes that the most important thing is paying attention to password breach notifications. If you hear that one of your passwords may have been breached, he counsels, change it immediately. And, because many of your accounts may be linked, he notes, it's not a bad idea to change the rest of your passwords as well.
One piece of advice that you don't often hear is to keep on top of software updates. But, Holland argues, updating your operating system, your software, and your security programs is one of the easiest and most important ways to ensure your security. Software companies spend a lot of time and money trying to stay ahead of online intruders -- it only makes sense to take advantage of their work.
Even if you are convinced that your security is state-of-the-art and your password is unbreakable, it never hurts to double-check your most sensitive accounts. Holland suggests regularly checking your bank and credit card statements to ensure that there aren't any inappropriate charges on your accounts. As a side benefit, this is also a great way to catch any unexpected fees that your bank may try to spring on you.
When a breach happens, a fast response can mean the difference between a minor annoyance and a major pain in the neck. With that in mind, Holland suggests talking to your bank about having transaction alerts placed on your account. Every time your account is credited with a transaction over a particular amount -- $50, for example -- your bank will send you an e-mail or text notification. If it's an expected transaction, you can discard the message; if not, you'll be able to respond immediately.
Every year, you are entitled to a free credit report from each of the reporting bureaus. Holland suggests taking advantage of this free service, noting that your credit report is a great way to track your outstanding debts and ensure that nobody is trying to open false accounts in your name. He emphasizes, however, that the best way to get your free report is by going to AnnualCreditReport.com, not FreeCreditReport.com. "That site's a scam," he laughs.