The attack by hackers who hit JPMorgan Chase & Co. (NYSE:JPM) was apparently broader and more sophisticated than first reported, as they are now said to have used computers now linked to possible attacks on at least 13 more financial companies. Citing a person familiar with the developments, Bloomberg reports that the perpetrators attempted a broad campaign in an effort to send shudders through Wall Street.
Hackers’ attack on JPMorgan
In what could be one of the largest thefts on record, last week, JPMorgan Chase & Co. (NYSE:JPM) said the names, addresses, telephone numbers and email addresses of 76 million households had been compromised by a cyber-attack. The hack has JPMorgan “scrambling to contain the fallout,” which was described as a breach of its vast computer network from people in Italy or southern Europe.
Citing several people familiar with the matter, Michael Riley and Jordan Robertson of Bloomberg report that the hacking group set its sights on leading financial companies, including Citigroup Inc. (NYSE:C), HSBC Holdings plc (ADR) (NYSE:HSBC) (LON:HSBA), E TRADE Financial Corporation (NASDAQ:ETFC), Regions Financial Corp (NYSE:RF) and the payroll firm Automatic Data Processing (NASDAQ:ADP). Signs of intruders were found in computers or logged by protective technology that effectively stopped the hackers.
After the JPMorgan Chase & Co. (NYSE:JPM) hack emerged on Aug. 27, U.S. officials said the attackers had targeted at least four other financial companies. However, the number of companies said to have been at least probed by the hackers has ballooned rapidly as the total number has risen from 10 to 14 in just the last few days.
The JP Morgan incident underscores that the process of collating data can still be challenging, hindered by a widespread concern among companies that they will be open to lawsuits or brand damage if a hack is exposed.
However, different signals emerge from various reports on the hacking. For instance, some reports indicate that the hackers tried to break into Citigroup Inc. (NYSE:C) this year, but failed. Data on the hackers from the JPMorgan Chase & Co. (NYSE:JPM) breach also included information about malware taken from the bank’s network.
As companies scoured computer logs, some found that their servers were connecting to certain IP addresses. However, it is felt that some of these connections may amount to legitimate Internet traffic rather than hacking.
For instance, ADP said in a statement: “Although ADP threat management experts observed Internet-based traffic from those criminals allegedly reported to have recently attacked JPMC, we have not observed any issues associated with such scanning of our defenses”.
Quoting two people familiar with the matter, the Financial Times reports that Fidelity Investments was one of the 13 financial institutions attacked by hackers who are believed to be the same group that stole customer information from JPMorgan Chase & Co.