The JP Morgan Cyber Attack
Cost, Details and How Big Banks Respond to Cyber Hacks and Threats
Who was cyber attacked?
In 2014, J.P. Morgan Chase reported a hack that impacted 7 million small businesses and as many as 80 million individuals.
What and where was the cyber hack?
The cyber attack on JP Morgan took place against their servers, causing a data breach and substantial losses.
How could the attack been prevented?
JP Morgan should have invested more money in cybersecurity - proactively, rather than using defensive measures. We've listed the best cybersecurity startups in America, and in fact, invested in quite a few of the top cybersecurity companies.
Transcript and Speech on the JP Morgan Cyber Attack - by Cybersecurity expert & Venture Capital Investor, Ross Blankenship
The J.P. Morgan cyber attack was one of the largest in the sense of not just the volume of people's data that was stolen, but it was in terms of the impact. This cyber attack on JP Morgan Chase took place in the spring of 2014. The way in which the attackers, who they believe are potentially Russian-backed state sponsored cyber attackers, were able to attack were first. They stole the employee credentials for one of the IT specialists at JP Morgan. Once they stole this person's credentials, they were able to log into a server.
Pretty much all of the customer data there. One of the servers, of many of hundreds they have, did not have what's called 2 factor authentication, or multi-factor authentication. In other words, in order to log in, for single factor you have a log in, a username and a password. Multi-factor, you do the username, password, hopefully a complex password, and them they also, maybe, text you with a special code or you might have a USB ... A little USB card that sends a code directly to or does a random password generator.
One of the IT specialists had not put the multi-factor authentication on this server. The problem with that simple thing is that, hundreds of thousands of customer's data were stolen. I don't think they were password stolen, but these were financial records, first names, last names. Data that could be used to take out a mortgage, could be put on the black market in Russia to sell on the forums that spammers use.
So, it's a pretty big attack on the American soil. The implication here is two-fold. On one hand, JP Morgan was actually spending up to 250 million dollars a year on cyber security. That's a lot of money even though JP Morgan has a market cap in the billions of dollars. 250 million dollars in a lot of money and that's a solid commitment, but simple mistakes can have a huge impact. In our book Cyber Nation, we talk about simple cybersecurity recommendations for companies, some that you often times over look. I think that's the moral, the lesson of this story behind JP Morgan. It can still happen, and don't overlook the small details; those can come back to bite you.