We thought Target was bad. Then we thought Home Depot was bad.
As it turned out, we hadn’t seen anything yet.
Earlier this month, JPMorgan Chase disclosed in a securities filing that a cyberattack this summer on the bank compromised the accounts of 76 million households and 7 million small businesses, a total that was well above the company’s initial estimates and puts the intrusion among the largest ever.1
As the New York Times put it, the extent of the data-pilfering comes at a time when consumer confidence in the digital operations of corporate America has been shaken. Last year, the information of 40 million cardholders and 70 million others were compromised at Target, while just last month an attack at Home Depot affected 56 million cards.
However, the Times said that the data held by JPMorgan goes beyond the typical credit card details, and potentially includes even more sensitive information.
According to the Times, the hackers appeared to recover a list of applications and programs that run on JPMorgan’s computers, which they could crosscheck with known vulnerabilities in each program and web application in search of an entry point back into the bank’s systems.
Operating overseas, the hackers gained access to the names, addresses, phone numbers and emails of JPMorgan account holders, the Times reported, although it’s important to note there was no evidence that account information, including passwords or Social Security numbers, had been taken. The bank also said there was no evidence of fraud involving the use of customer information.
Still, until the JPMorgan breach originally surfaced in July, banks were viewed as relatively safe from online assaults because of their investment in defenses and trained security staff. Most previous breaches at banks have involved stealing personal identification numbers for ATM accounts, not burrowing deep into the internal workings of a bank’s computer systems, according to the Times.
Even if no customer financial information was taken, the apparent breadth and depth of the JPMorgan attack shows how vulnerable Wall Street institutions are to cyber crime, the Times said. In 2011, hackers broke into the system of the Nasdaq stock market, but did not penetrate the part of the system that handles trades.
Faced with the rising threat of online crime, JPMorgan has said it plans to spend $250 million on digital security annually, but had been losing many of its security staff to other banks over the last year, with others expected to leave soon.
Over the past three months, the Cyber Security motif has lost 1.7%. In that same time, the S&P 500 has fallen 4.7%. In 2014, the motif has decreased 10.3%; the S&P 500 is up 3.1%.
1Jessica Silver-Greenberg, Matthew Goldstein and Nicole Perlroth, “JPMorgan Chase Hacking Affects 76 Million Households,” nytimes.com, Oct. 2, 2014, http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/, (accessed Oct. 13, 2014).