2014 JPMorgan Chase Data Breach
   HOME

TheInfoList



OR:

The 2014 JPMorgan Chase data breach was a
cyberattack A cyberattack (or cyber attack) occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content. The rising dependence on increasingly complex and inte ...
against American bank
JPMorgan Chase JPMorgan Chase & Co. (stylized as JPMorganChase) is an American multinational financial services, finance corporation headquartered in New York City and incorporated in Delaware. It is List of largest banks in the United States, the largest ba ...
that is believed to have compromised data associated with over 83 million accounts—76 million households (approximately two out of three households in the country) and 7 million small businesses. The data breach is considered one of the most serious intrusions into an American corporation's information system and one of the largest data breaches in history.


The cyberattack

The attack—disclosed in September 2014—was discovered by the bank's security team in late July 2014, but not completely halted until the middle of August. The bank declared that financial and login information associated with the accounts (such as social security numbers or passwords) were not compromised but names, email, postal addresses, and phone numbers of account holders were obtained by hackers, raising concerns of potential phishing attacks. The hackers obtained a list of JPMorgan's applications and programs, using it to identify vulnerabilities and gain entry. The attack targeted nine other major financial institutions alongside
JPMorgan Chase JPMorgan Chase & Co. (stylized as JPMorganChase) is an American multinational financial services, finance corporation headquartered in New York City and incorporated in Delaware. It is List of largest banks in the United States, the largest ba ...
. As of October 9, the only other company believed to have had data stolen is
Fidelity Investments Fidelity Investments, formerly known as Fidelity Management & Research (FMR), owned by FMR LLC and headquartered in Boston, Massachusetts, provides financial services. Established in 1946, the company is one of the largest asset managers in the ...
, but investigators reported that the attack attempted to infiltrate the networks of banks and financial companies such as
Citigroup Citigroup Inc. or Citi (Style (visual arts), stylized as citi) is an American multinational investment banking, investment bank and financial services company based in New York City. The company was formed in 1998 by the merger of Citicorp, t ...
, HSBC Holdings,
E*Trade E*TRADE is an investment brokerage and electronic trading platform that operates as a subsidiary of Morgan Stanley. History In 1982, physicist William A. Porter and Bernard A. Newcomb founded TradePlus in Palo Alto, California, with $15,00 ...
,
Regions Financial Corporation Regions Financial Corporation is an American bank holding company headquartered in the Regions Center in Birmingham, Alabama. The company provides retail and commercial banking, trust, stock brokerage, and mortgage services. Its banking subsi ...
and payroll-service firm
Automatic Data Processing Automatic Data Processing, Inc. (ADP) is an American provider of human resources management software and services, headquartered in Roseland, New Jersey. History In 1949, Henry Taub founded Automatic Payrolls, Inc. as a manual payroll processin ...
(ADP). The breach occurred at a time when consumer trust in digital security was already fragile due to recent breaches at major retailers.


Indictments and extradition

US federal indictments were issued against four hackers in the massive fraud in November 2015. Two Israelis indicted, Gery Shalon and Ziv Orenstein, were arrested in
Israel Israel, officially the State of Israel, is a country in West Asia. It Borders of Israel, shares borders with Lebanon to the north, Syria to the north-east, Jordan to the east, Egypt to the south-west, and the Mediterranean Sea to the west. Isr ...
and were extradited to the U.S. in 2016, which was announced by Israel's Justice Ministry. American hacker Joshua Samuel Aaron had also been part of the indictments. They were charged with 23 counts of computer hacking affecting over 100 million customers. In 2017, Shalon pleaded guilty to all 23 counts and made a plea deal with prosecutors, which included forfeiting over $400 million. Orenstein avoided additional prison time in 2020 after a five-year course of cooperation with the authorities. Joshua Samuel Aaron was arrested in Dec 2016. A fourth individual, Andrei Tyurin ''(or Andrey Tiurin)'', was extradited to the US from the Republic of Georgia to face charges in 2018. He was sentenced to 12 years in prison in 2021.


JPMorgan Chase's Response

In response to the breach, JPMorgan Chase took several measures, such as doubling its annual security spending from $250 million in 2014 to $500 million within five years. Also, the firm applied software updates to restrict unauthorized access and prevent further exposure of sensitive information.


References


External links

*https://www.justice.gov/opa/file/792651/download *https://www.justice.gov/opa/file/792656/download *https://www.justice.gov/usao-sdny/file/632156/download *https://www.justice.gov/usao-sdny/press-release/file/1092376/download *https://www.justice.gov/usao-sdny/press-release/file/1092381/download {{Hacking in the 2010s Cyberattacks on banking industry 2014 scandals Corporate scandals Data breaches in the United States 2014 data breach Bank fraud