To the extent that the lack of evidence can suggest anything, the FBI is saying that the cyberthieves who attacked J.P. Morgan Chase did not continue their assaults any other big U.S. banks. Or, if they did attempt such attacks, those attempts were unsuccessful.
“The government investigates multiple computer-security threats against banks on a constant basis, but so far hasn’t discovered anything linking the Chase attack—which was first detected about two months ago and which officials have described as significant and egregious—to any similar type of penetration against other banks,” the Wall Street Journal reported. The attackers, “who employed at least one tool previously used against financial institutions, gained access to some account-related data. But J.P. Morgan has said it isn’t experiencing unusual amounts of fraud, and two people briefed on the investigation said consumers likely don’t face a serious risk.”
The panic in the payment sector after the disclosure of the Chase attack complicated the efforts to establish the scope of the attack. Initially, the story said, investigators saw suspicious activity at other banks and linked the two. But further analysis determined that the threats were unrelated.
“Confusion was added as numerous other financial institutions asked investigators for details on the J.P. Morgan hack. Some took this as an indication these banks may have faced a similar attack, a person familiar with the matter said,” the story reported. “The assertion shows the difficulty investigators face after a cyberattack first comes to light. The digital evidence trail left after an attack often takes time to decipher. Just because two similar organizations were attacked, doesn’t mean they were hit by the same group.”