Unfortunately for the bank, their security team apparently neglected to upgrade one of its network servers with the dual password scheme, which was the opening hackers needed.
“These criminals accessed customer contact information, but no account information,” said Patricia Wexler, a bank spokeswoman. “We have seen no evidence of fraud as a result of this.”
The oversight is now the focus of an internal review at JPMorgan that seeks to identify whether there are any other unguarded holes in the bank’s vast network, several of the people briefed on the matter said, adding that, internally, the episode is seen as an embarrassment.
It is still not known where the attack originated.