JPMorgan Breach Avoidable With Simple Security Fix

The largest bank breach to date at JPMorgan Chase could have been avoided if the bank had installed a simple security fix in a long-overlooked server in its network, according to sources close to the bank.
JPMorgan spends $250 million a year on computer security to fend off complex and sophisticated hack attacks, though in this case the attack was neither of those things. Cyber-criminals stole the login credentials for a bank employee, a method that still could have been thwarted, except that JPMorgan does not make use of a common two-factor authentication scheme. Such a scheme would require a second, one-time-use password.

Unfortunately for the bank, its security team apparently neglected to upgrade one of its network servers with the dual password scheme, which was the opening the hackers needed.

“These criminals accessed customer contact information, but no account information,” said Patricia Wexler, a bank spokeswoman. “We have seen no evidence of fraud as a result of this.”

The oversight is now the focus of an internal review at JPMorgan that seeks to identify whether there are any other unguarded holes in the bank’s vast network, several of the people briefed on the matter said, adding that, internally, the episode is seen as an embarrassment.

It is still not known where the attack originated.