The top news this week is about Wall Street giant JP Morgan Chase, which disclosed on Thursday that a previously disclosed breach was much larger than initially believed, affecting more than 75 million account holders. And once again, reports suggest that a compromised employee account may be at the root of the incident.
Bloomberg, which first broke the news of the cyber attack on JPMorgan Chase in August, said on Friday that hackers exploited an employee’s access to a development server as part of an attack on a JPMorgan Chase & Co. server that led to one of the largest cyber-attacks ever and the theft of data on 76 million households and 7 million small businesses.
According to the Bloomberg report, which cited “people familiar with the bank’s review,” the breach started in June when an employee’s user name and password for what’s described as “a web-development server” were compromised. From that system, the attackers were able to get access to JPMorgan’s broader network, the sources said.
The hackers accessed more than 100 servers that housed data across the spectrum of the company’s business lines, including investment banking, credit cards, and commercial and residential banking, the people said.
Using sophisticated tools and malicious programs, the intruders siphoned gigabytes of data until the breach was discovered in August, people familiar with the inquiry have said. Investigators believe the attack originated in Russia, the people said.
In a statement on Thursday JPMorgan Chase, the largest U.S. bank, said that contact information on “approximately 76 million households and 7 million small businesses” was compromised in the breach. However, the bank said it has “no information that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack. ” JPMorgan Chase also said it has no evidence of “unusual” customer fraud related to this incident.
The breach, first reported in August, is believed to be extensive, with attackers gaining extensive access to JP Morgan’s internal network and compiling a list of deployed applications. News of the breach triggered an FBI investigation and subsequent reports have pointed a finger at hackers in Russia – possibly affiliated with the Russian Government.
JPMorgan initially estimated the number of exposed customer accounts at 1 million. However, further investigation revealed that the number of exposed accounts was much larger.
The Bloomberg report is the latest to underscore the risk to sophisticated organizations of phishing attacks on employees, as well as vulnerable authentication schemes. Attackers who can compromise a system operated by a trusted employee can move quickly within even sophisticated organizations: exploiting other vulnerabilities to elevating their level of access to critical network assets.