Let’s start with what we know. JPMorgan Chase & Co. (JPM) says a breach of its computer systems exposed the personal information of 76 million households and 7 million small businesses. The intrusion lasted from June until sometime in August, so hackers had more than a month to nose around. They accessed names, addresses, phone numbers and e-mail addresses, although the bank says there’s no evidence they compromised account information, passwords or Social Security numbers, Bloomberg Markets magazine will report in its December issue.
And keep in mind: JPMorgan is a giant, profitable bank with a reputation as one of the best companies in the world at cybersecurity.
Even more worrisome is what we don’t know -- about the intrusion at JPMorgan, the hackers who did it and the potential vulnerability of the entire financial system. The bank has said little publicly about the breach beyond its description of the customer information that was and was not compromised and an assurance the company is cooperating with government investigations. U.S. intelligence agencies, federal prosecutors and attorneys general from at least two states have all launched probes. More...
The FBI sent a warning to companies yesterday, telling them that “these state-sponsored hackers are exceedingly stealthy and agile” and have used customized malicious code that was undetected by security researchers and law enforcement. More...
JPMorgan, the largest U.S. bank, outlined the scope of the previously disclosed breach yesterday, reassuring clients there’s still no evidence account numbers and passwords were compromised, even as names and contact data were exposed. People who logged on to certain websites or mobile apps had contact information stolen, the New York-based company said.
The bank has been struggling to head off damage since the incident, first reported by Bloomberg News in August. New details on how attackers accomplished the feat over months, including their initial entry, were provided by two people briefed on the investigation, who requested anonymity because it’s private. JPMorgan said the threat now is phishing, in which criminals try to trick people into handing over more valuable data, such as user IDs and passwords. More...
- White House renews effort on cybersecurity bill with new proposal
- Sony malware may be linked to other damaging attacks: researchers
- 'Sony-pocalypse': Why the Sony hack is one of the worst hacks ever
- Hackers Probing Financial System’s Defenses Show Why Everyone Should Worry
- FBI Warns Tech Companies of State-Sponsored China Hackers
- JPMorgan Password Leads Hackers to 76 Million Households
- Tech, equipment makers join U.S. 'net neutrality' debate
- Home Depot breach a near certainty, yet Backoff remains a question
- Data breach at UPS Stores in 24 states
- Hospital network hacked, 4.5 million records stolen