The 2014 JPMorgan Chase data breach was a
cyberattack
A cyberattack (or cyber attack) occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.
The rising dependence on increasingly complex and inte ...
against American bank
JPMorgan Chase
JPMorgan Chase & Co. (stylized as JPMorganChase) is an American multinational financial services, finance corporation headquartered in New York City and incorporated in Delaware. It is List of largest banks in the United States, the largest ba ...
that is believed to have compromised data associated with over 83 million accounts—76 million households (approximately two out of three households in the country) and 7 million small businesses. The data breach is considered one of the most serious intrusions into an American corporation's information system and one of the largest data breaches in history.
The cyberattack
The attack—disclosed in September 2014—was discovered by the bank's security team in late July 2014, but not completely halted until the middle of August.
The bank declared that financial and login information associated with the accounts (such as social security numbers or passwords) were not compromised but names, email, postal addresses, and phone numbers of account holders were obtained by hackers, raising concerns of potential
phishing attacks.
The hackers obtained a list of JPMorgan's applications and programs, using it to identify vulnerabilities and gain entry.
The attack targeted nine other major financial institutions alongside
JPMorgan Chase
JPMorgan Chase & Co. (stylized as JPMorganChase) is an American multinational financial services, finance corporation headquartered in New York City and incorporated in Delaware. It is List of largest banks in the United States, the largest ba ...
.
As of October 9, the only other company believed to have had data stolen is
Fidelity Investments
Fidelity Investments, formerly known as Fidelity Management & Research (FMR), owned by FMR LLC and headquartered in Boston, Massachusetts, provides financial services. Established in 1946, the company is one of the largest asset managers in the ...
, but investigators reported that the attack attempted to infiltrate the networks of banks and financial companies such as
Citigroup
Citigroup Inc. or Citi (Style (visual arts), stylized as citi) is an American multinational investment banking, investment bank and financial services company based in New York City. The company was formed in 1998 by the merger of Citicorp, t ...
,
HSBC Holdings,
E*Trade
E*TRADE is an investment brokerage and electronic trading platform that operates as a subsidiary of Morgan Stanley.
History
In 1982, physicist William A. Porter and Bernard A. Newcomb founded TradePlus in Palo Alto, California, with $15,00 ...
,
Regions Financial Corporation
Regions Financial Corporation is an American bank holding company headquartered in the Regions Center in Birmingham, Alabama. The company provides retail and commercial banking, trust, stock brokerage, and mortgage services. Its banking subsi ...
and payroll-service firm
Automatic Data Processing
Automatic Data Processing, Inc. (ADP) is an American provider of human resources management software and services, headquartered in Roseland, New Jersey.
History
In 1949, Henry Taub founded Automatic Payrolls, Inc. as a manual payroll processin ...
(ADP).
The breach occurred at a time when consumer trust in digital security was already fragile due to recent breaches at major retailers.
Indictments and extradition
US federal indictments were issued against four hackers in the massive fraud in November 2015. Two Israelis indicted, Gery Shalon and Ziv Orenstein, were arrested in
Israel
Israel, officially the State of Israel, is a country in West Asia. It Borders of Israel, shares borders with Lebanon to the north, Syria to the north-east, Jordan to the east, Egypt to the south-west, and the Mediterranean Sea to the west. Isr ...
and were extradited to the U.S. in 2016, which was announced by Israel's Justice Ministry.
American hacker Joshua Samuel Aaron had also been part of the indictments.
They were charged with 23 counts of computer hacking affecting over 100 million customers. In 2017, Shalon pleaded guilty to all 23 counts and made a plea deal with prosecutors, which included forfeiting over $400 million. Orenstein avoided additional prison time in 2020 after a five-year course of cooperation with the authorities. Joshua Samuel Aaron was arrested in Dec 2016. A fourth individual, Andrei Tyurin ''(or Andrey Tiurin)'', was extradited to the US from the Republic of Georgia to face charges in 2018. He was sentenced to 12 years in prison in 2021.
JPMorgan Chase's Response
In response to the breach, JPMorgan Chase took several measures, such as doubling its annual security spending from $250 million in 2014 to $500 million within five years.
Also, the firm applied software updates to restrict unauthorized access and prevent further exposure of sensitive information.
References
External links
*https://www.justice.gov/opa/file/792651/download
*https://www.justice.gov/opa/file/792656/download
*https://www.justice.gov/usao-sdny/file/632156/download
*https://www.justice.gov/usao-sdny/press-release/file/1092376/download
*https://www.justice.gov/usao-sdny/press-release/file/1092381/download
{{Hacking in the 2010s
Cyberattacks on banking industry
2014 scandals
Corporate scandals
Data breaches in the United States
2014 data breach
Bank fraud