12:00 PM
Connect Directly

JPMorgan Chase Breach Impacts 76 Million Consumers

A regulatory filing showed that the JPMorgan breach reported in August has affected 76 million households and 7 million small businesses.

Customers and industry players have been left to wonder about the full extent of the damage caused by the JPMorgan Chase data breach reported in August. That damage was finally revealed yesterday in an SEC filing.

JPMorgan said that 76 million households and 7 million small businesses had been compromised in the attack. The hackers stole personal information like names, phone numbers, and email addresses, but no account numbers, Social Security numbers, or passwords were stolen. The bank also said there has been no unusual fraud activity in the compromised accounts so far.

[For more on our coverage of the JPMorgan breach, check out: What Banks Need To Do After the JPMorgan Breach.]

There are still a lot of unanswered questions regarding the breach. How the attackers gained access to the bank's systems and customer accounts remains unclear. The New York Times, citing anonymous sources, reported that the hackers had a list of the applications and programs running on the bank's computers. More than 90 servers were compromised, and the hackers gained important administrative privileges in the bank's systems.

Security experts say that more information is needed to learn how the hackers were able to execute their attack. "Yet another breach of a huge amount of personal information but little detail of how the attack occurred is disclosed," said Gavin Millard, EMEA technical director for Tenable. "Was it a phishing attack directed towards a JP Morgan employee, a zero-day vulnerability utilized, or simply a poorly configured edge device giving access? Organizations would benefit from more information sharing between investigators and interested affected parties."

The motives are also still unknown; the attackers haven't committed any fraudulent transactions with the compromised accounts.

JPMorgan "discovered the intrusion in mid-August and now believe the breach began as early as June," said Carmine Clementelli, network security product manager for PFU Systems. "The intrusion was already on the bank's servers. How did that happen? More importantly moving forward is why?"

John Zurawski, vice president for Authentify, said this breach also differs from the attacks on Target and Home Depot in the past year in that it affects millions of small businesses in addition to consumers. Small businesses rarely have better cyber security protection than the average consumer, but they usually have much more money at stake. "Small businesses should immediately change their passwords, and Chase will have to authenticate those requests very carefully." Clients should also sign up for any multi-factor authentication available from the bank.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
10/6/2014 | 12:32:01 PM
Re: cyberattack
According to the SEC filing, they are in the process of notifying customers. It's obviously not the sort of news that people want to hear from their bank. It will be interesting to see if and how customers respond.
User Rank: Author
10/6/2014 | 10:45:53 AM
Pretty scary that such a big bank could be compromised like this, this is a fairly big breach. I know the brach was revealed in am SEC filing, but prsumably the people affected were already notified?
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.