BreachExchange mailing list archives

Citi, Regions, E*Trade, ADP May Have Been Targeted by J.P. Morgan Hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 8 Oct 2014 20:38:30 -0600

http://online.wsj.com/articles/citigroup-regions-financial-e-trade-adp-saw-traffic-linked-to-j-p-morgan-hackers-1412783395

Citigroup Inc. and E*Trade Financial Corp. are among the financial
institutions that may have been targeted by the same hackers who broke into
J.P. Morgan Chase & Co.’s computer network earlier this year, according to
people familiar with the matter.

While the companies, which also include payroll processor Automatic Data
Processing Inc. and Regions Financial Corp., believe they weren’t breached,
they did see traffic allegedly linked to hackers who compromised data at
J.P. Morgan this summer, people close to the issue said.

The Wall Street Journal reported Monday that hackers who targeted J.P.
Morgan’s computer network earlier this year also tried to infiltrate a
number of other financial institutions, but those firms believe they were
unsuccessful, people familiar with the investigation have said. The range
of other companies that hackers may have tried to compromise reveals their
interest in various U.S. financial institutions, from large global banks to
regional firms to technology-focused financial companies.

The traffic at the four firms, which hasn’t been disclosed previously,
follows a cyberattack on J.P. Morgan this summer, resulting in compromised
contact information for millions of customers including names, email
addresses and phone numbers but not Social Security numbers, dates of birth
or passwords, the bank has said. It is unclear how many other firms have
experienced such traffic.

In September federal officials, including those from the Federal Bureau of
Investigation and the Department of Homeland Security, distributed
information about the hackers’ “signatures” to a variety of financial
institutions, people familiar with the matter have said.

A number of financial institutions responded that they had seen traffic
from the suspect computer addresses linked to the hackers, but that they
didn’t believe they had been infiltrated, the people said.

Rather, the hackers, whose identity remains unknown, appeared to be
“probing,” or searching for weaknesses on the firms’ digital perimeters.
This happens regularly, sometimes daily at institutions, but the attention
to these probes is heightened given the suspected connection to the J.P.
Morgan incident.

“Although ADP threat management experts observed internet-based traffic
from those criminals allegedly reported to have recently attacked JPMC, we
have not observed any issues associated with such scanning of our
defenses,” ADP said in a statement, referring to J.P. Morgan Chase. “We
will continue to utilize the information provided by members of the
cyberintelligence community with regards to the recent JPMC event and will
update our cyber defenses as necessary.”

The information, which the government said could only be shared on a
“need-to-know” basis, asked recipients if they had been affected.

People familiar with the investigation have said this wasn't the only such
memo passed on to other financial institutions regarding J.P. Morgan’s
cyberattack. Investigations into the matter are ongoing.

Last week, J.P. Morgan said that contact information had been compromised
for about 76 million households world-wide by the hacking incident, a
number roughly equivalent to two-thirds of U.S. households. The break-in
was first disclosed in August, but more details were released last week,
including the breadth of the stolen information, which included names,
phone numbers and email addresses of customers.

Customer money is “safe,” the bank said in a statement to customers last
week, also reiterating it hadn’t seen unusual levels of fraud since the
attack.

The episode also illustrates the daily threats America’s financial system
faces in the Internet age. Malicious actors systematically are looking for
ways to gain access to sensitive data.

After the J.P. Morgan incident became public in late August, the
financial-services sector moved to determine whether other firms were
affected. J.P. Morgan has said it continues to work with law enforcement on
the matter.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
