BreachExchange mailing list archives
Full extent of J.P.Morgan hack not known, two months after attack
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 15 Sep 2014 18:37:38 -0600
http://www.electronista.com/articles/14/09/13/names.addresses.phone.numbers.taken.banking.info.probably.safe/ Information security professionals are still apparently sorting out the depth of an intrusion at J.P.Morgan Chase from earlier this summer. Three people with information regarding the digital break-in have spoken to press, claiming that the hackers had -- and in some cases may still have -- high-level access to bank servers, as well as gleaning information from around a million customer accounts. The New York Times is reporting that more than 90 of the company's servers worldwide were penetrated during the attack, which lasted over two months this summer. Data suspected to have been accessed are user names, addresses, and phone numbers, but any revelation of financial information or Social Security numbers is presently deemed unlikely. The US Federal Bureau of Investigation (FBI) and US Secret Service are working in parallel to investigate the intrusions. Bloomberg claims that the National Security Agency is working with the pair as well. FBI spokesman J. Peter Donald confirmed the involvement of the Secret Service in the matter, and will work to determine the magnitude of the "recently reported cyber attacks against several American financial institutions." J.P.Morgan spokesperson Kristin Lemkau said of the hack that the company "uncovered an attack by an outside adversary recently where the firm's technology environment was compromised. We are confident we have closed any known access points and prevented any future access in the same way." Lemkau claims that there has not been any unusual fraud activity as a result of the breach.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Full extent of J.P.Morgan hack not known, two months after attack Audrey McNeil (Sep 19)