2014 JPMorgan Chase data breach

2014 JP Morgan Data Breach
Time2011 – May 2015
Durationc. 3 Years 6 Months
LocationNew York City
TypeData breach
Arrests4
Suspects4
Accused4
Convictions4

The 2014 JPMorgan Chase data breach was a cyberattack against American bank JPMorgan Chase that is believed to have compromised data associated with over 83 million accounts—76 million households (approximately two out of three households in the country) and 7 million small businesses.[1] The data breach is considered one of the most serious intrusions into an American corporation's information system and one of the largest data breaches in history.[2][3][4]

The cyberattack

The attack—disclosed in September 2014—was discovered by the bank's security team in late July 2014, but not completely halted until the middle of August.[3][5] The bank declared that financial and login information associated with the accounts (such as social security numbers or passwords) were not compromised but names, email, postal addresses, and phone numbers of account holders were obtained by hackers, raising concerns of potential phishing attacks.[4][6] The hackers obtained a list of JPMorgan's applications and programs, using it to identify vulnerabilities and gain entry.

The attack targeted nine other major financial institutions alongside JPMorgan Chase.[3][7] As of October 9, the only other company believed to have had data stolen is Fidelity Investments[8], but investigators reported that the attack attempted to infiltrate the networks of banks and financial companies such as Citigroup, HSBC Holdings, E*Trade, Regions Financial Corporation and payroll-service firm Automatic Data Processing (ADP).[9]

The breach occurred at a time when consumer trust in digital security was already fragile due to recent breaches at major retailers.[10]

Indictments and extradition

US federal indictments were issued against four hackers in the massive fraud in November 2015.[11] Two Israelis indicted, Gery Shalon and Ziv Orenstein, were arrested in Israel and will be extradited to the U.S. according to Israel's Justice Ministry.[12] American hacker Joshua Samuel Aaron had also been part of the indictments.[13] They were charged with 23 counts of computer hacking affecting over 100 million customers.[14] Shalon and Orenstein pled guilty. Joshua Samuel Aaron was arrested in Dec 2016.[15] A fourth individual, Andrei Tyurin, was extradited to the US from the Republic of Georgia to face charges in 2018.[16]

JPMorgan Chase's Response

In response to the breach, JPMorgan Chase took several measures, such as doubling its annual security spending from $250 million in 2014 to $500 million within five years.[17] Also, the firm applied software updates to restrict unauthorized access and prevent further exposure of sensitive information.

References

  1. ^ Siegel Bernard, Tara (3 October 2014). "Ways to Protect Yourself After the JPMorgan Hacking". The New York Times. Archived from the original on 4 October 2014. Retrieved 5 October 2014.
  2. ^ "JPMorgan hack exposed data of 83 million, among biggest breaches in history". Reuters. 2 October 2014. Archived from the original on 29 December 2015. Retrieved 5 October 2014.
  3. ^ a b c Goldstein, Matthew; Perlroth, Nicole; Sanger, David E. (2014-10-03). "Hackers' Attack Cracked 10 Financial Firms in Major Assault". The New York Times. Archived from the original on 2020-12-16. Retrieved 2014-10-04.
  4. ^ a b Rushe, Dominic (2 October 2014). "JP Morgan Chase reveals massive data breach affecting 76m households". The Guardian. Archived from the original on 4 October 2014. Retrieved 5 October 2014.
  5. ^ Chan, Cathy (2014-10-02). "Hackers' Attack on JPMorgan Chase Affects Millions". The New York Times. Archived from the original on 2021-02-12. Retrieved 2014-10-02.
  6. ^ Santus, Rex (3 October 2014). "What You Need to Know About the JPMorgan Chase Cyberattack". Mashable. Archived from the original on 5 October 2014. Retrieved 5 October 2014.
  7. ^ Woodyard, Chris (4 October 2014). "Report: Russian hackers behind JPMorgan Chase attack". USA Today. Archived from the original on 4 October 2014. Retrieved 5 October 2014.
  8. ^ Barrett, Devlin (9 October 2014). "J.P. Morgan Hackers Also Stole Fidelity Data, Investigators Think". The Wall Street Journal. Archived from the original on 8 January 2015. Retrieved 9 October 2014.
  9. ^ Riley, Michael (9 October 2014). "JPMorgan Hackers Said to Probe 13 Financial Firms". Bloomberg. Archived from the original on 10 October 2014. Retrieved 10 October 2014.
  10. ^ Perlroth, Jessica Silver-Greenberg, Matthew Goldstein and Nicole (2014-10-02). "JPMorgan Chase Hacking Affects 76 Million Households". DealBook. Retrieved 2024-11-03.{{cite web}}: CS1 maint: multiple names: authors list (link)
  11. ^ Zetter, Kim (10 November 2015). "Four Indicted in Massive JP Morgan Chase Hack". WIRED. Archived from the original on 31 December 2016. Retrieved 4 March 2017.
  12. ^ "2 Israelis in JPMorgan Chase cyber fraud case to be extradited". Jewish Telegraphic Agency. 9 May 2016. Archived from the original on 17 February 2018. Retrieved 23 March 2023.
  13. ^ "Suspected JP Morgan hacker arrested after returning from Moscow". CBS News. 14 December 2016. Archived from the original on 23 March 2023. Retrieved 23 March 2023.
  14. ^ Crowe, Portia (Nov 10, 2015). "JPMorgan fell victim to the largest theft of customer data from a financial institution in US history". businessinsider.com.
  15. ^ Whitehouse, Kaja (Dec 15, 2016). "Accused bank hacker claims Russia offered him asylum". nypost.com.
  16. ^ Kosman, Josh (2018-09-10). "Hacker behind largest breach in US history appears in court". Retrieved 2024-08-24.
  17. ^ "What happened in the JP Morgan Chase data breach? | Twingate". www.twingate.com. Retrieved 2024-11-03.