The sensitive information of 83 million households and small business customers of J.P. Morgan Chase was compromised when hackers broke into the bank’s computer systems in August 2014, making the intrusion one of the largest data breaches in history.
Though it was made public at the end of August that anonymous Russian hackers had attacked J.P. Morgan Chase and at least four other large banks, the true scope of the breach—initially believed to affect only one million accounts—was not known until this week. The bank announced on October 2 that the names, addresses, phone numbers and email addresses of 76 million households and seven million small businesses were stolen by the still-unidentified hackers. In a statement, however, J.P. Morgan said customers’ most sensitive information, such as account numbers and passwords, Social Security numbers, user IDs, birth dates, and—perhaps paramount—their money, was not compromised, Reuters reported.
If you’ve seen fraudulent charges appear on your bank statement or within your account details, you may have legal options. Contact Morgan & Morgan today to learn more.
According to the Wall Street Journal, cybersecurity experts believe the data accessed in the breach is related to the bank’s marketing division, not its banking operations. Although this fact makes the breach a bit easier for consumers to digest, serious concerns still exist that the information of so many people and Wall Street institutions was so easily compromised.
A source with knowledge of the bank’s investigation of the matter said it appears malware is to blame for the breach. Specifically, the attack was aimed at servers that stored user contact information of current and former J.P. Morgan customers who accessed Chase.com or JPMorgan.com online or on mobile devices within the last few years. A report from the New York Times said the hackers “obtained a list of the applications and programs that run on the bank’s computers,” which served as a “road map of sorts” for them to find vulnerabilities while searching for a point of entry into J.P. Morgan’s systems.
The breach when unnoticed for roughly two months in the summer, those familiar with the investigation added. Once the bank became aware of the attack, it identified and closed all access paths where the hackers may have gained entry to its systems.
Furthermore, it appears hackers originally breached J.P. Morgan’s network through an employee’s personal computer. From there, reports say, the hackers moved onto the bank’s more internal systems. In response to this, the bank has reset the passwords of all of its technology employees and disabled accounts that may have been compromised.
J.P. Morgan said that there is no evidence of fraud involving customers’ information.
Update: A person familiar with the investigation into the unprecedented data breach that affected 86 million JP Morgan Chase customers and small business accountholders said the hackers used computers that are now linked with cyber attacks on at least “10 to 14” other financial institutions. According to a Bloomberg report, those behind the attack attempted a “broad campaign aimed at a payroll-servicing company, a popular stock brokerage and some of the world’s biggest banks,” specifically Citigroup Inc., HSBC Holdings Plc, E*Trade Financial Corp., Regions Financial Corp., and Automatic Data Processing Inc. This information, Bloomberg notes, comes from several people close to those companies’ internal investigations who said the attackers left digital traces of their presence inside company systems and computers. Law enforcement has said publicly that they do not yet have a complete list of the companies that were probed by the hackers, but others close to the investigation say the number of financial heavyweights targeted may grow.