News

JPMorgan Breach Avoidable With Simple Security Fix

The largest bank breach to date at JPMorgan Chase could have been avoided if the bank had installed a simple security fix in a long overlooked server in its network, according to sources close to the bank.  
JPMorgan spends $250 million a year on compuer security to fend off complex and sophisticated hack attacks, though in this case the attack was neither of those things.  Cyber-criminals stole the login credentials for a bank employee, a method which still could have been thwarted except for the fact that JPMogan does not make use of a common two-factor authentication scheme. Such a plan would require a second one-time use password.

Unfortunately for the bank, their security team apparently neglected to upgrade one of its network servers with the dual password scheme, which was the opening hackers needed.

“These criminals accessed customer contact information, but no account information,” said Patricia Wexler, a bank spokeswoman. “We have seen no evidence of fraud as a result of this.”

The oversight is now the focus of an internal review at JPMorgan that seeks to identify whether there are any other unguarded holes in the bank’s vast network, several of the people briefed on the matter said, adding that, internally, the episode is seen as an embarrassment.

It is still not known where the attack originated.​

——————————

LIVE PYMNTS TV OCTOBER SERIES: POWERING THE DIGITAL SHIFT – B2B PAYMENTS 2021 

Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment

TRENDING RIGHT NOW