FBI investigates hack of JPMorgan, other US banks

FBI investigates hack of JPMorgan, other US banks

Summary: JPMorgan is reportedly one of multiple US banks which have suffered network breaches resulting in the loss of customer data.

TOPICS: Security
credit cnet
Credit: CNET

The US Federal Bureau of Investigation (FBI) is reportedly investigating the possibility that a number of US banks have become the recent victims of cyberattack.

On Wednesday, multiple news outlets reported that Russian hackers may have carried out cyberattacks against JPMorgan Chase and another US bank earlier this month. The New York Times reported that JPMorgan Chase and at least four other US banks were targeted in a string of coordinated attacks over the course of this month.

Bloomberg says that law enforcement agencies are investigating whether the cyberattacks are related to recent attacks on European banks.

FBI spokesman Joshua Campbell told Reuters:

"We are working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions."

The spokesman declined to name the banks in question, but according to Reuters sources, JPMorgan Chase is one of the US financial institutions affected. The financial institution is still conducting its own internal investigation to determine what occurred.

JPMorgan spokesman Brian Marchiony declined to discuss the specific cyberattack, but told the publication that "companies of our size unfortunately experience cyber attacks nearly every day. We have multiple, layers of defense to counteract any threats and constantly monitor fraud levels."

According to the Wall Street Journal, up to five banks may have been affected. WSJ sources say that the investigation so far has revealed that hackers were able to make significant strides in infiltrating JPMorgan's systems, and large quantities of data were stolen, including checking and savings account data.

The cyberattack is believed to have stemmed from an employee's personal computer, which was infected with malware that provided a VPN tunnel into the bank's networks.

Sources close to the investigation say it is too early to determine which country the attack originated from, or who may be responsible.

If true, this is not the first time JPMorgan has been a target of cyberattack. In December, the bank admitted to a security breach which left 465,000 prepaid cash card customer records at risk.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Sandboxing Employees

    The easiest vector into any network has always been an internal one, usually a compromised account. When such an incursion happens to a large organization whose staffed with a division of security experts, it begs the question why better sandboxing, GPO's, algorithims monitoring questionable data flows and the like are not more rigidly monitored and controlled.

    Unlike sports or marketing statistics, having a high average of success is failure when thousands, hundreds of thousands and even millions of trusting customers have their most sensitive information stolen, especially through uncompetance or neglect.
    • Because, like powerful people, large oganizations become arrogant and lazy.

      They look for a single "silver bullet" for protection - like VPN. They "hire out" services which were once done in-house. Vulnerabilities which make their way into the facilities of the "hire guns" out there put at risk all of the clients of that third-party. We seem to be able to protect our medical records so why can't we protect our financial records?
      M Wagner
  • keep "investigating"

    and whitewashing the results ( or just pretend to be investigating).

    Or, get rid of $hittows everywhere and save everybody money, trouble, improving security at the same time.
  • Why isn't anyone asking the $64K question?

    To what extent are Windows XP vulnerabilities contributing to these thefts? The speculation that an employees malware infested PC opened the door through a VPN tunnel is disconcerting but I have to wonder why there are not additional levels of security once the hackers were inside the institutional firewall. What OS was this employee running on his/her personal device?
    M Wagner