JPMorgan hack: It could have been worse

It looks like the infiltrators had a look around in JPMorgan's June security breach -- but did not manage to siphon customer funds from bank accounts.
Written by Charlie Osborne, Contributing Writer
credit cnet
Credit: CNET

Hackers that infiltrated the system of JPMorgan Chase & Co in June did not manage to access financial data or steal customer funds.

Earlier this year, cybercriminals infiltrated the financial institution's networks. While the cyberattack took place in June, JPMorgan did not detect the intrusion until July, and has only briefed financial regulators concerning the breach this month.

According to three people with knowledge of the investigation, the hackers were able to break into multiple JPMorgan servers over two months. This, in turn, may have given the criminals an intimate understanding of how the bank's computers and systems operate.

As reported by the New York Times on Friday, an investigation into the June security breach has shown there is no evidence that proprietary software, network blueprints or money was stolen. JPMorgan spokeswoman Kristin Lemkau told the publication:

"We uncovered an attack by an outside adversary recently where the firm’s technology environment was compromised. We are confident we have closed any known access points and prevented any future access in the same way."

In addition, Lemkau said the bank has not detected "any unusual fraud activity," since the hack.

The infiltration is believed to have begun as a phishing attack, which infected an employee's personal computer with malware that drilled a VPN tunnel into JPMorgan's systems. While the hackers were able to review information on roughly one million customer accounts and software installed on the servers, they did not gain access to financial information or social security numbers. It is not known whether account holder names, addresses and phone numbers were exposed.

At the time, JPMorgan spokesman Brian Marchiony said the company has "multiple layers of defense to counteract any threats and constantly monitor fraud levels."

The US Federal Bureau of Investigation (FBI) is working with JPMorgan to assess the damage and discover how the security breach took place. According to the NYT, JPMorgan is one of at least four US banks targeted in a string of attacks, and reports suggest they may be related to recent attacks on European banks.

In December, JPMorgan admitted to a security breach which left 465,000 prepaid cash card customer records at risk.

Read on: In the world of security

Editorial standards