Window with JP Morgan Chase written on it.
Photo: Spencer Platt/Getty Images

Banking giant JP Morgan Chase filed an official notice yesterday to the U.S. Securities and Exchange Commission (SEC) updating the material information concerning the cyberattack the bank uncovered during the summer. According to the bank’s Form 8-K, for customers using its Chase.com and JPMorganOnline websites as well as the Chase and J.P. Morgan mobile applications:

  • User contact information—name, address, phone number and email address—and internal JPMorgan Chase information relating to such users have been compromised.
     
  • The compromised data impacts approximately 76 million households and 7 million small businesses.
     
  • However, there is no evidence that account information for such affected customers—account numbers, passwords, user IDs, dates of birth or Social Security numbers—was compromised during this attack.

To give you some perspective on the size of the breach, there are approximately 112 million households in the United States, along with 29.7 million small businesses.

The bank also reported in its SEC filing that it hasn’t seen any unusual customer fraud related to the data breach and that customers will not be not liable for any unauthorized transaction on their accounts, provided that they promptly alert the bank to the bogus transaction.

JP Morgan goes on to say in a customer notice that it is “very sorry that this happened and for any uncertainty this may cause you.” Additionally, it  says that, “There are always lessons to be learned, and we will learn from this one and use that knowledge to make our defenses even stronger. “

In the bank's 2013 annual report, JP Morgan CEO Jamie Dimon stated  that the firm was going to be spending $250 million annually on cybersecurity and employ some 1,000 people to help ensure security at the bank.

Cybersecurity experts all seem to agree that the breach of JP Morgan, considered one of— if not the— most sophisticated and best cyber- protected banks in the world, is highly worrying. Less clear is whether the reason customer personal data wasn’t taken was accidental or on purpose. (The Wall Street Journal reports that the bank’s marketing systems rather than operational banking systems were penetrated)

A story at the New York Times, for instance, says that the cybercriminals had deep and pervasive access to JP Morgan IT systems for months, even obtaining “the highest level of administrative privilege” to 90 of the bank’s computer servers.  However, the Times states, “investigators in law enforcement remain puzzled” since there is no evidence that money has been taken from customer accounts, nor has there been any launch of a major phishing campaign using the stolen contact information. Phishing a JP Morgan employee seems to be the way the cybercriminals got access to JP Morgan systems, by the way.

Speculation runs the gamut, including that the attack was sponsored by elements of the Russian government as a warning about Western government interference in the Ukrainian Conflict and that it could be a search for confidential information on high value targets, such as President Obama, who is said to be a JP Morgan customer. Other security experts speculate that this attack may have been just an initial foray into the bank’s IT system to understand how it works. If so, they likely will be back, in which case, expect more than contact information to be compromised.

Whatever the real reason, the bottom line is that as the recent compromise of 56 million U.S. and Canadian payment cards at Home Depot exemplifies, cyber-insecurity is pervasive. Security maven Brian Krebs probably said it best when he told the Guardian, “Reality is dawning among regular corporations that you can’t keep these guys out. The most you can do is stop the bleeding.”

The Conversation (0)

The Cellular Industry’s Clash Over the Movement to Remake Networks

The wireless industry is divided on Open RAN’s goal to make network components interoperable

13 min read
Photo: George Frey/AFP/Getty Images
DarkBlue2

We've all been told that 5G wireless is going to deliver amazing capabilities and services. But it won't come cheap. When all is said and done, 5G will cost almost US $1 trillion to deploy over the next half decade. That enormous expense will be borne mostly by network operators, companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens more around the world that provide cellular service to their customers. Facing such an immense cost, these operators asked a very reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from different companies, with the goal of fostering more competition and driving down prices. At the same time, they sparked a schism within the industry over how wireless networks should be built. Their opponents—and sometimes begrudging partners—are the handful of telecom-equipment vendors capable of providing the hardware the network operators have been buying and deploying for years.

Keep Reading ↓ Show less