J.P. Morgan Targeted in Possible Cyber Attack

J.P. Morgan Chase & Co. (JPM) and up to four other banks were the victims of a possible cyber attack. According to the media, the financial institution is working with law enforcement authorities to figure out what happened.

Reuters reports that sources say the firm began its own probe after malicious software was found in its network, which indicates there had likely been a cyber attack. The Federal Bureau of Investigation is looking to see whether Russian hackers may have been involved. A possible motive for them could be retaliation for sanctions against Russia because of its role in the Ukraine military conflict. It is not unusual for Russian organized crime to target big financial institutions. Also looking into the matter is the U.S. Secret Service.

According to the Wall Street Journal, the hackers appear to have gotten in through the personal computer of employee and penetrated the bank’s inner systems. Gigabytes of customer and employee data may have been targeted. Authorities are trying to determine whether any data that might have been stolen has been used to move funds.

It was JPMorgan’s office in Hong Kong that was reportedly infected with the Zeus Trojan horse malware earlier this summer. The malware is capable of stealing banking credentials. Another of its offices, this one in India, was infected with the Sality malware, which can compromise Web servers and nab information. One bank that was hacked was reportedly targeted with “Zero-day,” a software flaw that makes it easy for hackers to take control of a computer via remote.

Banks have a duty to disclose when customer data has been breached. Often, companies can’t immediately tell what has been stolen or who was impacted. Should a theft arise as a result of a data breach, consumers have greater protections than corporations.

Unfortunately, cyber security has been a worry for large banks in the last last few years. In 2012, Iranian hackers targeted JPMorgan, Wells Fargo & Co. Inc. (WFC), PNC Financial Services Corp. (PNC), and U.S. Bancorp (USB) a distributed denial of service threats (DDoS) cyber attack. DDoS involves kicking websites offline by sending useless traffic to them.

In his latest yearly shareholder letter, JPMorgan CEO and Chairman James Dimon said that by the end of the year the firm would have spent over $250 million annually. He estimates that the firm will have had 1,000 people working on cyber security. Dimon cited the increase in cyber attacks globally as a reason for the heightened efforts.

Cyber crooks have also lately been targeting high-net worth individuals who have substantial accounts and other holdings. Brokerage firms, registered investment advisers, and wealth management companies are also under risk of cyber attacks.

Cybersecurity threats to financial firms on the upswing in 2014, InvestmentNews, January 10, 2014

FBI Probes Possible Hacking Incident at J.P. Morgan, Wall Street Journal, August 28, 2014

More Blog Posts:
JPMorgan Will Pay $614M to US Government Over Mortgage Fraud Lawsuit, Stockbroker Fraud Blog, February 8, 2014

JP Morgan VP Barred from Securities Industry By FINRA for Insider Trading Scam, Stockbroker Fraud Blog, January 25, 2014

Christ Church Cathedral Sues JPMorgan Chase Over Proprietary Product Sales, Institutional Investor Securities Blog, August 13, 2014