BreachExchange mailing list archives
Citi, Regions, E*Trade, ADP May Have Been Targeted by J.P. Morgan Hackers
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 8 Oct 2014 20:38:30 -0600
http://online.wsj.com/articles/citigroup-regions-financial-e-trade-adp-saw-traffic-linked-to-j-p-morgan-hackers-1412783395 Citigroup Inc. and E*Trade Financial Corp. are among the financial institutions that may have been targeted by the same hackers who broke into J.P. Morgan Chase & Co.’s computer network earlier this year, according to people familiar with the matter. While the companies, which also include payroll processor Automatic Data Processing Inc. and Regions Financial Corp., believe they weren’t breached, they did see traffic allegedly linked to hackers who compromised data at J.P. Morgan this summer, people close to the issue said. The Wall Street Journal reported Monday that hackers who targeted J.P. Morgan’s computer network earlier this year also tried to infiltrate a number of other financial institutions, but those firms believe they were unsuccessful, people familiar with the investigation have said. The range of other companies that hackers may have tried to compromise reveals their interest in various U.S. financial institutions, from large global banks to regional firms to technology-focused financial companies. The traffic at the four firms, which hasn’t been disclosed previously, follows a cyberattack on J.P. Morgan this summer, resulting in compromised contact information for millions of customers including names, email addresses and phone numbers but not Social Security numbers, dates of birth or passwords, the bank has said. It is unclear how many other firms have experienced such traffic. In September federal officials, including those from the Federal Bureau of Investigation and the Department of Homeland Security, distributed information about the hackers’ “signatures” to a variety of financial institutions, people familiar with the matter have said. A number of financial institutions responded that they had seen traffic from the suspect computer addresses linked to the hackers, but that they didn’t believe they had been infiltrated, the people said. Rather, the hackers, whose identity remains unknown, appeared to be “probing,” or searching for weaknesses on the firms’ digital perimeters. This happens regularly, sometimes daily at institutions, but the attention to these probes are heightened given the suspected connection to the J.P. Morgan incident. “Although ADP threat management experts observed internet-based traffic from those criminals allegedly reported to have recently attacked JPMC, we have not observed any issues associated with such scanning of our defenses,” ADP said in a statement, referring to J.P. Morgan Chase. “We will continue to utilize the information provided by members of the cyberintelligence community with regards to the recent JPMC event and will update our cyber defenses as necessary.” The information, which the government said could only be shared on a “need-to-know” basis, asked recipients if they had been affected. People familiar with the investigation have said this wasn't the only such memo passed on to other financial institutions regarding J.P. Morgan’s cyberattack. Investigations into the matter are ongoing. Last week, J.P. Morgan said that contact information had been compromised for about 76 million households world-wide by the hacking incident, a number roughly equivalent to two-thirds of U.S. households. The break-in was first disclosed in August, but more details were released last week, including the breadth of the stolen information, which included names, phone numbers and email addresses of customers. Customer money is “safe,” the bank said in a statement to customers last week, also reiterating it hadn’t seen unusual levels of fraud since the attack. The episode also illustrates the daily threats America’s financial system faces in the Internet age. Malicious actors systematically are looking for ways to gain access to sensitive data. After the J.P. Morgan incident became public in late August, the financial-services sector moved to determine whether other firms were affected. J.P. Morgan has said it continues to work with law enforcement on the matter.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Citi, Regions, E*Trade, ADP May Have Been Targeted by J.P. Morgan Hackers Audrey McNeil (Oct 17)