Banking Blog

Finance Blogs » Banking Blog » Cyberattack hits Chase, other banks

Cyberattack hits Chase, other banks

By Allison Ross ·
Thursday, August 28, 2014
Posted: 1 pm ET

A number of U.S. banks, including JPMorgan Chase & Co., were hit earlier this month by cyberattacks, according to published reports.

"We are working with the United States Secret Service to determine the scope of recently reported cyberattacks against several American financial institutions," the FBI said in a statement to Bankrate and other media outlets. "Combating cyberthreats and criminals remains a top priority for the United States government, and we are constantly working with American companies to fight cyberattacks."

© Tim Clayton/TIM CLAYTON/Corbis

So what happened? Bloomberg News, which first reported the attack, says Russian hackers attacked U.S. financial institutions, stealing "gigabytes of data" that included "sensitive data from the files of bank employees, including executives."

Other reports say security experts have not concluded the attack were made by Russians. The New York Times says the data stolen in "sophisticated cyberattack" includes checking account and savings account information.

"It's a bit too early to tell what exactly is going on," says Julie Conroy, a research director with Aite Group which monitors banking and fraud. She says early reports of the attack "point to a level of sophistication typically associated with nation-state involvement," and that early indications are that this is not an attack motivated by simply stealing consumer data to sell on the black market.

Security is difficult as attacks become increasingly sophisticated

Conroy says that Chase, which is listed in the reports as a victim in the attack, has one of the more sophisticated security systems. "But the cybercriminals behind the attacks face little in the way of consequences and are continually ramping up the sophistication of their attacks," she says.

"This is a prime example of how difficult it is to be in charge of info-security for a bank of any size, when you're tasked with warding off thousands of attacks from not only criminals bent on financial gain, but also nation-states looking for trade secrets and hacktivists with a political agenda," Conroy says.

Neal O'Farrell, chief executive of Privide Inc., a company specializing in protecting high net-worth consumers, says this attack is another example of why companies should stay on top of the latest security measures.

"No matter how smart we think we are, we're being outgunned every day by cybercrooks, some of them as young as 17," he says. "That's pretty sobering."

Chase spokeswoman Patricia Wexler said that "companies of our size unfortunately experience cyberattacks nearly every day. "We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."

Chase says it has not seen any unusual fraud activity at this time. It says it will contact anyone who may have been affected by the cyberattack as it learns more and urges customers to -- as always -- contact the bank if they see suspicious activity on their accounts.

What consumers can do

The news about this latest cyberattack is still coming out, so consumers should watch for updates and pay attention to any messages from their banks.

In the meantime, consumers should use this news to their advantage to remember to always be vigilant about their checking accounts and savings accounts in case of an attack. Set up alerts, monitor online billing statements and accounts for suspicious charges, and be sure to notify the bank or card issuer immediately if something doesn't look right.

"If consumer data was implicated -- and that appears to still be an 'if', a consumer's best bet is to monitor his or her online banking statements and quickly report any unusual activity," Conroy says. "Consumers should be making this a regular practice regardless, because they are far more likely to see their cards compromised in the merchant breaches that are now making a weekly appearance in the headlines."

Indeed, Conroy pointed to recent reports about a phishing campaign against Chase customers as well as a confirmation today from frozen treat maker Dairy Queen that it may have had a data breach.

For more, see Bankrate's recent report about a possible Goodwill data breach.

Follow me on twitter: @allisonsross.

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
September 07, 2014 at 5:09 pm

August 30, 2014 at 1:14 pm

Re: why can we not find out which other banks are affected?

Julie, it's a deep dark Ill-lume-E-knotty secret

September 07, 2014 at 11:20 am

and yet we continue to offshore our intellectual property to the exact same group of crooks who are attacking us.

August 31, 2014 at 9:12 am

Open. My. Acct. Checking. Call. Me. At. 2023215272

August 31, 2014 at 9:05 am

"A number of U.S. banks ..." generally indicates more than two. This article and others have only named Chase and JP Morgan. We clients of other banks need to know which other banks have been breached. Please identify them!

August 30, 2014 at 1:14 pm

why can we not find out which other banks are affected?