Chase Breach: Who Else Was Attacked?
New Reports Say Others Were Probed, But No Data Taken
Citigroup Inc., E*Trade Financial Corp., Fidelity Investments, Regions Financial Corp., HSBC, Bank of the West and payroll services provider Automated Data Processing Inc. are now believed to have been probed by the same hackers that targeted JPMorgan Chase, according to news reports. But so far, none of those firms believes any of their data was compromised, although federal investigators are reportedly not entirely convinced.
Just days after news broke that nine unnamed financial services firms had allegedly been hit by the same hackers that compromised Chase, Bloomberg News, the Wall Street Journal and The New York Times reported that other financial-services firms had been linked to the same attack traffic patterns recorded by Chase after its network breach was discovered.
The Times also reported that banks were sharing information behind the scenes about various attack patterns and that the White House had been closely following suspected attacks on banks since the summer, as tensions between the U.S. and Russia, as well as others, continue to rise. President Obama and his top national security advisers have been asking about the motive behind the attack on Chase, The Times reports, citing officials familiar with the White House briefings.
According to the news reports, once Chase confirmed the breach in September, federal investigators shared attack traffic patterns with other banking institutions. But only some of those institutions had reportedly seen traffic hitting their networks that was similar to the traffic, such as Web addresses, that targeted Chase.
ADP spokesman Jim Duffy tells Information Security Media Group that the company's threat management experts "observed Internet-based traffic from those criminals allegedly reported to have recently attacked JPMC," but that ADP had not found any indication that the traffic was linked to a scan of ADP's network defenses.
"We will continue to utilize the information provided by members of the cyber-intelligence community with regards to the recent JPMC event and will update our cyber defenses as necessary," Duffy says.
And Fidelity Investments spokesman Vincent Loporchio, while not denying that Fidelity's network was probed, tells ISMG: "We have no indication that any Fidelity customer sites, accounts, information, services or systems were affected. Fidelity has a range of safeguards and multiple layers of security in place to protect customer accounts and information, our sites and systems. For security reasons, some of these protections are visible, some are not."
HSBC spokesman Rob Sherman did not specifically address the allegations of suspicious Web activity reported by The Times but said HSBC was actively involved in information sharing efforts with law enforcement and other banking institutions.
"HSBC takes its security and the security of its customer information very seriously," Sherman says. "We continue to monitor the situation closely, and are in touch with law enforcement and financial industry groups that collect and communicate cybersecurity information."
The other firms cited in news reports as being targeted by the same hackers that breached Chase did not respond to ISMG's request for comment.
SunTrust Bank, mentioned in some earlier news reports as a potential victim, tells ISMG that it does not believe it was "affected by the Chase breach."
Details about Chase Hack
Earlier this month, Chase confirmed that an attack waged against its network in June exposed personally identifiable information such as e-mail addresses and names linked to 76 million U.S. households and 7 million small businesses (see Chase Breach Affects 76 Million Households).
Industry experts in recent weeks have suggested that the attack against Chase was not isolated (see Chase Breach: Lessons for Banks).
Avivah Litan, an analyst at the consultancy Gartner, Julie Conroy, an analyst at the consultancy Aite Group, and Al Pascual, director of fraud and security at Javelin Strategy and Research, have all said that a nation-state is probably behind the attack.
Litan said the attack was likely waged by a Russian group with ties to the Russian government.
"They're not going to go after one bank," Litan told ISMG. "This all has very grave economic consequences. ... Personally, I think it's a nation-state trying to intimidate the United States, and in this case, it looks like there is a political motive."
Conroy says the attack highlights hackers' ever-increasing sophistication, which supports the notion of deep-pocket backing from a government or highly organized crime ring. "No bank can ever consider itself to be truly impervious to attack," she says.
But most security researchers contacted by ISMG have been reluctant to comment at length about the attack on Chase and the possibility that other leading U.S. firms have been targeted as well. Whether that's because they consider it to be an issue of national security - or just one that needs more research - is unclear.