NEW YORK (Reuters) - An American was taken into U.S. custody on Wednesday after arriving from Russia to face charges that he helped orchestrate a massive computer hacking and fraud scheme that included an attack against JPMorgan Chase & Co, prosecutors said.
Joshua Aaron, 32, was arrested at John F. Kennedy International Airport in New York after being deported from Russia to the United States, where he will face charges pending since last year, U.S. authorities said.
Aaron came back to the United States voluntarily, said Benjamin Brafman, his lawyer. During a court hearing, Aaron pleaded not guilty to charges including computer hacking and securities fraud.
Aaron, who was born in Maryland and attended Florida State University, is one of nine people to face charges following an investigation connected to a data breach that JPMorgan disclosed in 2014 involving records for more than 83 million accounts.
He was charged along with two Israeli men, Gery Shalon and Ziv Orenstein, in an indictment filed in November 2015 for his alleged role in crimes targeting 12 companies, including nine financial services firms and media outlets like the Wall Street Journal.
Manhattan U.S. Attorney Preet Bharara in a statement said Aaron “worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of personal information from U.S. financial institutions ever.”
Prosecutors said the scheme dated back to 2007 and compromised more than 100 million people’s personal information.
Prosecutors said the enterprise included pumping up stock prices with sham promotional emails, running online casinos, operating an illegal bitcoin exchange and laundering money through shell companies and accounts around the world.
The scheme also involved a massive attack on JPMorgan affecting 83 million customers, the largest theft of customer data from a U.S. financial institution, authorities said.
A separate indictment in Atlanta in November 2015 against Shalon and Aaron said that brokerages E*Trade Financial Corp and Scottrade were also targets, and personal information of more than 10 million customers was compromised.
The case is U.S. v. Shalon et al, U.S. District Court, Southern District of New York, No. 15-cr-00333.
Reporting by Nate Raymond in New York; Editing by Phil Berlowitz