JPMorgan Hackers Targeted Weakest Security Link

An easily avoided security lapse -- failure to use two-factor authentication -- is being blamed for the massive computer breach that hit JPMorgan Chase this past summer, according to a report in The New York Times. Citing unnamed sources "who have been briefed on internal and outside investigations into the attack," the article said the lapse left vulnerable a single overlooked server on the bank's vast network.

First reported by Bloomberg News on Aug. 27, the JPMorgan Chase breach was detected in late July, according to news reports. However, the hackers apparently first gained access to the bank's networks in June.

Launched after hackers obtained login credentials for a bank employee, the attack did not lead to any known instances of fraudulent financial activity, banks spokespeople have said. As The New York Times reported, "The bank maintains that the damage to customers was limited to the theft of email passwords, home addresses and phone numbers."

Multimillion-Dollar Lapses

The revelation that failure to use two-factor authentication led to the JPMorgan Chase breach underscores the reality that some IT security lapses could be prevented by taking basic precautions. Another hack revealed earlier this month, this one on the Las Vegas Sands Corp. and its casinos, got a similar start after hackers apparently managed to access the login information for a computer engineer who worked at the company's headquarters.

The cost of the Sands hacking is estimated at more than $40 million in repair and recovery efforts. The most recent high-profile attack on Sony Pictures is likely to carry an even steeper price tag, with some estimates putting the damage at $70 million or more in direct losses alone.

Other major security breaches over the past several years have proven even more costly. Last year's holiday-season hack on Target, for instance, is expected to...

Comments are closed.