There are reports that JPMorgan Chase and a number of other US financial institutions have been breached at a very deep level. The attack is more concerning than most because it seems the hackers were able to steal checking and savings account information that makes customers much more vulnerable than your typical credit card data breach.
I wrote about the investigation into the attacks in this blog post:
The FBI is working with the US Secret Service to investigate reports that JPMorgan Chase, and other financial institutions have been breached by hackers. Preliminary information suggests that the attacks are sophisticated, but details are still sketchy.
It seems that the attackers were able to exfiltrate gigabytes of sensitive customer banking information. Consumers have more or less gotten used to credit card data breaches, but a breach of actual checking and savings account details has much graver consequences.
“With correct account information criminals can initiate wire transfers that completely clean out accounts; the bad news is that wire transfer consumer protection is not as favorable for consumers as credit card protections,” stressed Lamar Bailer, director of security research and development for Tripwire. “For example, financial institutions can take up to 90 days to investigate and rule on wire transfer disputes.”
Craig Young, a security researcher with Tripwire, explained, “Traditional checking accounts are perhaps the weakest link in the American banking system. Consumer need to use far more caution when paying by check or storing images of checks because the routing (ABA) and account numbers are all a thief needs to start stealing money. Web checks make these problems even worse because then thieves don’t even need to print fake checks or venture to a store in person.”
Check out the full story at CSOOnline: JPMorgan Chase and other financial institutions hacked.
- Tackling Swivel Chair Syndrome - November 14, 2024
- Unlocking Proactive Compliance with Adobe’s Common Controls Framework - October 14, 2024
- Unlocking the Power of Continuous Threat Exposure Management - October 8, 2024