Over the course of three months this summer, hackers breached JPMorganChase's servers and proceeded to steal contact information from upwards of 83 million users. The scope of the attack was recently made public as part of an SEC filing from JP Morgan. While particularly sensitive financial data, such as social security numbers and credit card accounts, weren't compromised, the hackers did make away with account names, addresses, and email addresses.
Still, the scope of the break in, at one of the nation's top banks no less, has understandably created a wave of concern throughout the financial industry. Since the hack was discovered, JP Morgan has worked with intelligence agencies and the Secret Service to figure out what exactly happened. Naturally, many have been wondering just who exactly was behind the attack.
In this regard, a number of security experts have been vocal in stating that this was likely a politically based attack, in large part due to the fact that there doesn't seem to have been any underlying profit motive.
Now comes word via the New York Times that Russian hackers with loose affiliations to the Russian Government were behind the break-in.
Questions over who the hackers are and the approach of their attack concern government and industry officials. Also troubling is that about nine other financial institutions — a number that has not been previously reported — were also infiltrated by the same group of overseas hackers, according to people briefed on the matter. The hackers are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government, the people briefed on the matter said.
Meanwhile, JP Morgan issued a statement on the matter last week. It reads:
We want to update you further on the cyber attack against our company. After extensive review, here is what our forensic investigation has found to date.
Here’s what you should know now:
There is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised during this attack.
However, your contact information – name, address, phone number and email address – was compromised.