So yah last week we all discovered, OMG JPMorgan Hacked! This set a lot of people on edge as JPMorgan Chase & Co is the largest US bank by assets – so it’s pretty seriously business. The breach happened back in July and was only disclosed last Thursday due to a filing to the US Securities and Exchange Commission.
This is a HUGE breach (76 million households and 7 million small businesses), one of the biggest in history – especially when it comes to the banking sector. Fortunately no really ‘critical’ data was leaked such as credit card details or social security numbers, but there was important information like addresses and phone numbers which at this volume are definitely valuable on the black market.
The July cyberattack on JPMorgan Chase & Co. that compromised the names, addresses, phone numbers and contact information of over 83 million people are believed to have originated in Russia with at least some level of state approval.
“It could be in retaliation for the sanctions” placed on Russia, one senior official briefed on the intelligence told The New York Times on Saturday. “But it could be mixed motives — to steal if they can, or to sell whatever information they could glean.”
JPMorgan Chase has worked with the Treasury, the Secret Service and intelligence agencies since the attack, which did not completely shut out the attackers until August, the paper reported. More than 90 servers were accessed and over 7 million small businesses were compromised.
There’s a lot of speculation that the hackers that pulled of this rather sophisitacted attack are Russian and somehow linked to Putin (although I’m not sure how they figured that out). The news also broke today that it was not only JPMorgan Chase & Co that was infiltrated – but they were just 1 of 9 financial institutions breached as part of this attack.
This includes banks and brokerages, more here: JPMorgan CYBER-HEIST: 9 US financial firms snared by ‘Russian hackers’, says report
“It was a huge surprise that they were able to compromise a huge bank like JPMorgan,” said Al Pascual, a security analyst with Javelin Strategy and Research, told the Times. “It scared the pants off many people.”
Experts fears that similar attacks in the future could ignite a financial crisis. JPMorgan Chase may be particularly vulnerable: The Times noted that the hackers were able to steal “a list of every application and program deployed on standard JPMorgan computers that hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry.”
JPMorgan Chase has responded to the hacking by disabling compromised accounts and resetting passwords for its employees. The company also notified customers that they would not need to change their passwords or account information, nor would they be held liable for unauthorized transactions, The Associated Press reported Thursday.
It’s interesting that the hackers didn’t seem to go after the money, they really just wanted as much data as possible on JPMorgan customers.
It’ll be interesting to see if any of the other currently unnamed financial institutions are released to the press or if any of them suffered monetary losses – or they were all similar data grab scenarios.
Source: The Washington Times