JPMorgan Hacked & Leaked Over 83 Million Customer Records


So yah last week we all discovered, OMG JPMorgan Hacked! This set a lot of people on edge as JPMorgan Chase & Co is the largest US bank by assets – so it’s pretty seriously business. The breach happened back in July and was only disclosed last Thursday due to a filing to the US Securities and Exchange Commission.

JPMorgan Hacked

This is a HUGE breach (76 million households and 7 million small businesses), one of the biggest in history – especially when it comes to the banking sector. Fortunately no really ‘critical’ data was leaked such as credit card details or social security numbers, but there was important information like addresses and phone numbers which at this volume are definitely valuable on the black market.

The July cyberattack on JPMorgan Chase & Co. that compromised the names, addresses, phone numbers and contact information of over 83 million people are believed to have originated in Russia with at least some level of state approval.

“It could be in retaliation for the sanctions” placed on Russia, one senior official briefed on the intelligence told The New York Times on Saturday. “But it could be mixed motives — to steal if they can, or to sell whatever information they could glean.”

JPMorgan Chase has worked with the Treasury, the Secret Service and intelligence agencies since the attack, which did not completely shut out the attackers until August, the paper reported. More than 90 servers were accessed and over 7 million small businesses were compromised.


There’s a lot of speculation that the hackers that pulled of this rather sophisitacted attack are Russian and somehow linked to Putin (although I’m not sure how they figured that out). The news also broke today that it was not only JPMorgan Chase & Co that was infiltrated – but they were just 1 of 9 financial institutions breached as part of this attack.

This includes banks and brokerages, more here: JPMorgan CYBER-HEIST: 9 US financial firms snared by ‘Russian hackers’, says report

“It was a huge surprise that they were able to compromise a huge bank like JPMorgan,” said Al Pascual, a security analyst with Javelin Strategy and Research, told the Times. “It scared the pants off many people.”

Experts fears that similar attacks in the future could ignite a financial crisis. JPMorgan Chase may be particularly vulnerable: The Times noted that the hackers were able to steal “a list of every application and program deployed on standard JPMorgan computers that hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry.”

JPMorgan Chase has responded to the hacking by disabling compromised accounts and resetting passwords for its employees. The company also notified customers that they would not need to change their passwords or account information, nor would they be held liable for unauthorized transactions, The Associated Press reported Thursday.

It’s interesting that the hackers didn’t seem to go after the money, they really just wanted as much data as possible on JPMorgan customers.

It’ll be interesting to see if any of the other currently unnamed financial institutions are released to the press or if any of them suffered monetary losses – or they were all similar data grab scenarios.

Source: The Washington Times

Posted in: Privacy, Web Hacking

, ,


Latest Posts:


RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.


Comments are closed.