Following the revelation late last month that Russian hackers stole gigabytes of data from JPMorgan Chase and at least four other banks, The New York Times recently published a detailed report on the attacks, which states that the hackers were able to view information on a million customer accounts between June and late July 2014.
More than 90 of the bank’s servers were affected, according to the Times, effectively giving the hackers high-level admin privileges in the system. The hackers were also able to access a list of software applications installed on bank computers, allowing them to look for applications with known vulnerabilities and potentially gain further access.
Investigators told the Times that they believe the attacks were planned for months, and may have involved assistance from, or coordination by, a foreign government.
Still, much remains unclear about the nature or extent of the breach — one source told the Times that the hackers were only able to view customers’ names, addresses and phone numbers, while financial information and Social Security numbers remained protected.
And JPMorgan spokesperson Kristin Lemkau told the Times the bank is confident that “any known access points” have been closed, and any future access in a similar manner has been prevented.
However, K2 Intelligence executive managing director Mitchell Silber told the Times that it’s not yet clear exactly how much damage was caused by the breach, noting, “The question is, have some other trap doors been left over that can be accessed?”
On August 7, 2014, JPMorgan also discovered that hackers had accessed names, addresses, email addresses and passwords for the JPMorgan Chase Corporate Challenge website.
“None of your banking or other financial information was viewed,” JPMorgan vice president Deborah C. Wells wrote in the notification letter [PDF] to those affected by that breach. “We have taken steps to prevent unauthorized access to the site’s database.”
“We encourage you to avoid using the same password at multiple sites and to change all your passwords regularly,” Wells added.
HyTrust president and co-founder Eric Chiu said by email that the JPMorgan Chase breach is particularly frightening due to the level of access the attackers appear to have gained, and due to the size of the bank’s customer base. “The breach at JPMC should be a wake up call for every organization to make security a top priority, especially against attacks from the inside given that insider threats are the number one cause of breaches today and can result in the greatest damage,” he said.
And RedSeal Networks chief evangelist Steve Hultquist said by email that the breach shows that the cyber security battle continues to escalate, with cyber criminals finding that the potential rewards make significant investment worthwhile. “The increased sophistication of attacks makes it clear that every organization must not only be diligent, but must continue to increase the maturity of their defenses and proactive analysis to be sure that all of their network security is designed and implemented as necessary to truly protect [their] systems to the extent possible,” he said.