JPMorgan Chase attackers hacked other banks, report says

A wave of high-profile cyberattacks this year on U.S. companies underscores the need for better security practices

The news about this summer's cyberattack on JPMorgan Chase continues to get worse: A number of other financial institutions were also hit by the same group, according to the New York Times.

"About nine other financial institutions a number that has not been previously reported were also infiltrated by the same group of overseas hackers," according to the story, posted online Friday night. "The hackers are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government."

The story cited unnamed sources briefed on the matter.

A wave of high-profile cyberattacks this year on U.S. companies including hardware supplies retailer Home Depot and the Jimmy Johns sandwich shops, as well as last year's hack on household goods chain Target, are serving to raise public awareness of weaknesses in the security systems of major businesses. The attacks on the big U.S. businesses range in severity, but underscore the need for consumers to understand how to protect sensitive information online.

The New York Times' Friday report was posted a day after details of the JPMorgan hack came to light via a filing the bank made to the U.S. Securities and Exchange Commission. In total, 76 million households and 7 million small businesses were affected by the attack, the bank said in an 8-K filing Thursday to the SEC.

The attack compromised information and data used in connection with providing or offering services, the bank said. However, sensitive information including account numbers, passwords and credit, debit and Social Security numbers are not thought to have been compromised, the back stated. The bank said it does not believe customers "need to go through the inconvenience of having their cards reissued."

Even when an attack does not involve credit card or social security numbers, however, information such as names of people who use a certain service can be used by criminals to pry more sensitive information from unsuspecting consumers via phishing attacks. In the wake of the cyberattacks, consumers need to be especially careful of any communication, even from apparently trusted sources, that requests information such as passwords, experts say.

JPMorgan's regulatory filing was short on details about how the attack occurred. When media reports about the hack surfaced in late August, JPMorgan Chase declined to confirm the attacks. It said large companies constantly experience cyberattacks. This is precisely the problem, argue advocacy groups: weak security coupled with lack of disclosure of breaches are a serious disservice to consumers. Consumer advocates and some politicians are calling for more stringent breach disclosure laws.

Meanwhile, U.S. agencies including the Federal Bureau of Investigation and the Secret Service are working with JPMorgan to better determine the scope and source of the attacks. JPMorgan and the Secret Service did not immediately return requests for comment Saturday.

Join the CSO newsletter!

Error: Please check your email address.

Tags JPMorgan Chasesecuritydata breach

More about ClickFederal Bureau of InvestigationHome DepotSECSecurities and Exchange Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Marc Ferranti

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts