NEW YORK—Now that JPMorgan Chase has confirmed a data breach affecting as many as 76-million household accounts and seven-million small business accounts, reports of how hackers were able to infiltrate the nation’s largest bank are beginning to surface.
According to JPMorgan Chase, the breach, which is believed to have begun in June and run through July, apparently obtained a list of the applications and programs that run on JPMorgan’s computers that were then cross-checked with known vulnerabilities in each of those programs and web applications until one or more entry points were found, according to sources who spoke with the New York Times. In a regulatory filing late last week, the bank said that there was no evidence that account information, including passwords or Social Security numbers, had been taken. The bank has also said that to date there has been no evidence of fraud involving the use of customer information. The Times reported that hackers penetrated deeply into more than 90 servers. JPMorgan plans to spend $250 million on digital security annually.
JPMorgan’s efforts come at the same time CUNA has launched a campaign aimed at stopping data breaches. The effort includes a new website StopTheDataBreaches.com—that allows consumers to take action and urge Congress to step in and hold merchants accountable for data violations.