JP Morgan Chase is in furious damage-control mode. It’s emerged that the hack it disclosed in August was FAR bigger than first thought. Not only that, but it seems to have been caused by simple social-engineering of one single employee.
Isn’t it a bit suspicious, then, that anonymous sources are falling over themselves to finger Russia?
In IT Blogwatch, bloggers remind us NYSE:JPM is America's largest bank. Not to mention: Everything wrong with 1985…
Your humble blogwatcher curated these bloggy bits for your entertainment.
Believing the strangest things, Jeremy Kirk is loving the alien:
Names, addresses, phone numbers and email addresses were compromised in a cyberattack on JPMorgan Chase...76 million households and 7 million small businesses were affected.
Bank account numbers, passwords, user IDs, birth dates...credit, debit and Social Security numbers are not believed to have been compromised.
Customers who used...Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile were affected. [The] attack...lasted from June through August. MORE
Emily Glazer and Danny Yadron watch them come and go:
[It's] one of the most sweeping disclosed breaches of a financial institution. [It] extended to the bulk of the bank’s customer base, affecting...two-thirds of American households [and] about seven million...small-business customers
[But] people familiar with the investigation...said the data accessed appears to be related to J.P. Morgan’s marketing functions rather than its banking operations. ... That makes it less concerning. ... The attacks focused on servers that housed user contact information of current and former customers [and] went unnoticed for about two months this summer.
People briefed on the investigation suspect a possible Russian or Eastern European link. ... Hackers appear to have originally breached J.P. Morgan’s network via an employee [PC and VPN]. MORE
JPMC&Co. travel the holy land, opening telegrams:
After extensive review...there is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised. ... Your money...is safe.
We are very sorry that this happened. ... There are always lessons to be learned, and we will learn from this one and use that knowledge to make our defenses even stronger. MORE
Torture comes and torture goes. Hugh Son would give you anything:
The bank, led by...Jamie Dimon, hasn’t detected “any unusual customer fraud”...and clients aren’t liable for unauthorized transactions that are promptly reported.
JPMorgan shares fell 0.4 percent to $58.58 at 6:19 p.m. in extended trading.
Two people familiar with the bank’s investigation have said...the intruders reached deep into the bank’s infrastructure, siphoning gigabytes of information, until mid-August [and that] investigators believe [they] originated in Russia. ... Government officials and security specialists have long warned of the possibility of cyber disruptions. ... Those concerns are heightened in times of conflict. ... Dmitry Peskov, a spokesman for Putin, previously dismissed the notion that Russia was behind the JPMorgan attack as “nonsense.” MORE
But if Jessica Silver-Greenberg, Matthew Goldstein and Nicole Perlroth pray, all their sins are hooked upon the sky:
Hackers drilled deep...reaching more than 90 servers, the people with knowledge of the investigation said. [The] lack of any apparent profit motive has generated speculation...that the hackers...may have been sponsored by elements of the Russian government.
By the time the bank’s security team discovered the breach in late July, hackers had already obtained the highest level of administrative privilege...according to the people. ... It is still unclear how. MORE
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or email@example.com. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.