BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Full extent of J.P.Morgan hack not known, two months after attack

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 15 Sep 2014 18:37:38 -0600
http://www.electronista.com/articles/14/09/13/names.addresses.phone.numbers.taken.banking.info.probably.safe/

Information security professionals are still apparently sorting out the
depth of an intrusion at J.P.Morgan Chase from earlier this summer. Three
people with information regarding the digital break-in have spoken to
press, claiming that the hackers had -- and in some cases may still have --
high-level access to bank servers, as well as gleaning information from
around a million customer accounts.

The New York Times is reporting that more than 90 of the company's servers
worldwide were penetrated during the attack, which lasted over two months
this summer. Data suspected to have been accessed are user names,
addresses, and phone numbers, but any revelation of financial information
or Social Security numbers is presently deemed unlikely.

The US Federal Bureau of Investigation (FBI) and US Secret Service are
working in parallel to investigate the intrusions. Bloomberg claims that
the National Security Agency is working with the pair as well. FBI
spokesman J. Peter Donald confirmed the involvement of the Secret Service
in the matter, and will work to determine the magnitude of the "recently
reported cyber attacks against several American financial institutions."

J.P.Morgan spokesperson Kristin Lemkau said of the hack that the company
"uncovered an attack by an outside adversary recently where the firm's
technology environment was compromised. We are confident we have closed any
known access points and prevented any future access in the same way."
Lemkau claims that there has not been any unusual fraud activity as a
result of the breach.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: