A major cyberattack thought to have originated in Russia hit JPMorgan Chase and at least four other banks, apparently in mid-August.
The attack, according to a U.S. official, was not a mere denial-of-service attack that shut down the bank’s website for a few hours, but an actual breach that gained account information and could potentially lead to funds being removed from accounts. The attackers gained access to “gigabytes of data,” according to Bloomberg.
How could this happen to one of the world’s largest and most technologically sophisticated banks? Blame an employee’s PC.
Sources close to the investigation said the evidence indicated malware on an employee’s personal computer enabled the hackers to penetrate the bank’s network, according to security firm KnowBe4. The company emphasizes that employees are often the weak link in even the most secure networks: “The bad guys go after your employees, because they are easy to trick with social engineering.”
Security flaws in employee devices, including the ubiquitous smartphone, are an area of intense concern to banks, but denying employees access to bank systems on personal devices is nearly impossible in today’s work environment, where the barriers between personal and professional are rapidly crumbling. (See: BYOD.)
Breaches of banks are rare, since security — and protecting deposited funds — is of paramount concern to financial institutions. JPMorgan may have been targeted because of its high-profile role in denying a payment from the Russian embassy this spring as part of sanctions against Russian banks due to the ongoing conflict in Ukraine.
The FBI and other government investigative agencies are currently looking into the breach, which means public information is limited.
JPMorgan CEO Jamie Dimon warned investors during the bank’s most recent earnings call that attacks against the bank had increased lately. “Companies of our size unfortunately experience cyber attacks nearly every day,” said Patricia Wexler, a JPMorgan spokeswoman.