Cyberattack at JPMorgan Chase Also Hit Website of Bank’s Corporate Race

[InfoSec News <alerts () infosecnews org>]

http://dealbook.nytimes.com/2014/10/15/cyberattack-at-jpmorgan-chase-also-hit-website-of-banks-corporate-race/

By MATTHEW GOLDSTEIN, NICOLE PERLROTH and JESSICA SILVER-GREENBERG
The New York Times
OCTOBER 15, 2014

The JPMorgan Chase Corporate Challenge, a series of charitable races held 
each year in big cities across the world, is one of those feel-good events 
that bring together professionals from scores of big companies.

It was also a target for the same cyberthieves who successfully breached 
the bank’s digital perimeters, compromising the accounts of 76 million 
households and seven million small businesses, according to people with 
knowledge of the matter.

The JPMorgan Chase Corporate Challenge website, which is managed by an 
outside vendor, has been conspicuously inaccessible since early August, 
with visitors to the site seeing only a lonely list of coming races. The 
link between the breach on that website and the broader attack, which the 
bank said did not compromise any financial information, has not been 
previously reported.

The bank said it discovered the breach in the Corporate Challenge website 
on Aug. 7, about a week after it learned of the broader intrusion into its 
computer network. By infiltrating the race website, hackers were able to 
gain access to passwords and contact information for participants, the 
bank informed them.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/