
Update: JPMorgan Chase states it is not aware of a second intrusion on its computer network. The corrected New York Times story reads, “While the bank found evidence of previously unknown hacking, it says the latest discovery does not constitute a breach separate from an earlier one.”

JPMorgan Chase—the American multinational banking and financial services company—has discovered further evidence of the intrusion that compromised sensitive data from its computer network in late July.

According to a report by The New York Times, the bank discovered hackers had gained access to some of its servers, but it was not yet clear whether the evidence came from a second intrusion or was tied to the original incident.

The compromise in July was successfully carried out by attackers using a zero-day exploit, leading to the exposure of gigabytes of sensitive data. Individuals with knowledge of the investigation reported hackers were granted visibility into more than one million customer accounts, said the NYTimes article.

The New York Times added that the intrusion led to an elaborate investigation in collaboration with the Federal Bureau of Investigation, as well as a mandatory update to JPMorgan’s regulators, including the Federal Reserve.

At the time, JPMorgan stated it had not found evidence indicating customers’ financial assets had been taken and it was continuing to assess the extent of the breach.

Ken Westin, Tripwire security researcher, says many tools used in the original attack appeared to be custom-made specifically for JPMorgan’s environment, which indicated hackers had prior knowledge of the bank’s network architecture and internal systems.

“If state actors are targeting financial services sectors, the question remains what else they may target or have access to,” said Westin.

“The use of advanced zero-day exploits that many organizations cannot defend against raises the stakes substantially and will require better communication between the government, private industries and other organizations to help defend infrastructure.”

  • 5h4g

    One word: FireEye

    There may be a whole host of APT activity they don't even yet know about right now until they get a FireEye box in there… stuff that doesn't yet have signatures their current defenses rely on for detection.