STRATEGIC PARTNERS
To crack the accountholder database, hackers cross-referenced a list of programs running on the FI's computers with a record of their known vulnerabilities.
October 3, 2014
Cyberthieves filched data from 76 million households and 7 million small businesses in the recently reported attack on JPMorgan Chase computer systems, a New York Times Dealbook report said yesterday. Previously, Chase executives had said that only around 1 million accounts were affected.
The break-in rivals the Home Depot breach in the number of accounts compromised, and both exceed the size of the Target breach reported last December.
The Chase breach is different, though, in that information stolen could be more extensive and more sensitive than that taken in retail breaches. As the Dealbook report said, "JPMorgan, as the largest bank in the nation, has financial information in its computer systems that goes beyond customers’ credit card details and potentially includes more sensitive data."
Additional information has emerged about the methods used in the cyberattack, as well. Anonymous insiders told the Times that hackers apparently obtained a list of the applications and programs used by JPMorgan and cross-referenced the list with known vulnerabilities for each listed item.
Using this information, intruders gained access to names, addresses, phone numbers and emails of accountholders, but in a regulatory filing, JPMorgan said there was no evidence indicating that account information, Social Security numbers or passwords had been stolen.
