Corporate legal departments may be — rightfully — frightened by recent cyber breaches, but word came from federal prosecutors on March 17 that they have not forgotten about finding those responsible.

The federal prosecutors announced that eight men have been charged with being members of an international cybercrime ring. According to the charges, the men tried to steal at least $15 million by hacking into U.S. customer accounts at 14 different financial institutions as well as the U.S. Department of Defense.

According to U.S. Attorney Paul Fishman, the men gained unauthorized access to networks, diverted customer funds into personal accounts, then employed “cashers” to withdraw the money and make fraudulent purchases throughout the United States.  The scheme ran between March 2012 and June 2013.

Among the companies hit by the cyber attacks, according to Reuters, are Aon Hewitt, Automatic Data Processing Inc, Citibank NA, eBay Inc’s PayPal, Electronic Payments Inc, E*Trade, Fundtech Holdings LLC, iPayment Inc, JPMorgan Chase Bank NA, Nordstrom Bank, TD Ameritrade, TIAA-CREF, USAA, Veracity Payment Solutions Inc, and the Defense Department’s finance and accounting service.

Three men, Oleksiy Sharapka and Leonid Yanovitsky of Kiev, Ukraine; and Richard Gundersen, 47, of Brooklyn, New York; are viewed as the key leaders of the cybercrime. All three have been charged with onspiracy to commit wire fraud, conspiracy to commit access device fraud and identity theft, and aggravated identity theft.

These charges come at a time when in-house counsel are particularly conscientious of data security issues. Cyber loss recently ranked as one of business leaders’ top risk concerns for 2014, and data breaches are even transforming the general counsel’s role in the company. And nobody is safe: Even technology-based companies such as Apple and Mt. Gox have been recent victims of cyberattacks.

However, help is coming. In-House counsel are currently dissecting the first version of the NIST’s cybersecurity framework, which could provide a standard model for the creation of new cybersecurity programs.


For more leading cybersecurity news, check out these InsideCounsel articles:

Target’s cybersecurity event may have been preventable

Electronic discovery to the Nth degree: ESI in cyber breach incidents

Technology: Dissecting the first version of the NIST’s cybersecurity framework

Target CIO stepping down