News is breaking that in August, JPMorgan Chase potentially had 76 millions account holder details leaked.
The discovery of this enormous breach came after a security filing posted online yesterday found that JP Morgan Chase, one of the world’s largest financial institutions, underestimated the number of customers affected by the online intrusion by 75m account holders, according to The New York Times.
The intrusion was first found to have happened last June but only discovered the following month, according to the report, and now its customers’ personal information including names, addresses, telephone numbers and emails are available to the highest bidder online.
However, JP Morgan Chase have emphasises that the arguably more important information of bank details, social security numbers and passwords, have been unaffected by this breach.
What puzzles us, is that the breach was not made public, but instead was found by going through a publicly filed securities filing document.
It is understood that the hackers involved in this case were able to exploit their systems’ vulnerabilities by obtaining a checklist of all the systems the company ran and finding what their weak points were.
The report further explains that a digital raid was not the motive, theft was not the motive, and that JPMorgan Chase will spend $250M to rebuild their security. We hope that life-lock or similar for their customers is PART of that spend:
The motives of whoever the hackers may be remains unclear as they infiltrated deep into the bank’s 90 internal servers but seemingly were not performing a digital bank raid.
The New York Times report that security experts and government officials believing they may have originated from southern Europe and could even have been under the influence of the Russian government, but this is still very much speculation.
The bank will now begin the re-building process of its digital security systems and has promised to spend almost US$250m on its security from online threats.
In another report it is suggested that a bank employee password may have been the source of the attack – also suggesting that all bank staff passwords were reset as a security measure:
“alleges that the root cause of the exploit was by way of a JPMorgan employee’s computer, which led the bank to reset the password of the bank’s staff”