In what is becoming an all too common scenario, JP Morgan announced that the cyberattack, which was previously reported in July, affected millions of consumers and millions of small business owners. The admission was made public when the corporation officially reported the breach to the Securities and Exchange Commission.
The hack itself is a bit perplexing. However access to the account holder’s personal information is confirmed to have been achieved. This includes email addresses, physical addresses, and names. Fortunately other more valuable identification pieces, such as social security numbers, passwords, and birthdates, which are commonly targeted were not compromised. This information is usually desirable for hackers to be used in identity theft type activities. Additionally, no funds were taken out of any of the affected accounts.
Of considerable concern is the access which was needed to accomplish this breach. Administrative access, which is normally reserved for employees with high security levels, was required to gain this access. Over 90 of JP Morgan’s servers were breached using this administrative access. With this level of access, just about any action could have been taken while the hack was occurring. Actions such as moving funds, altering or closing accounts, were all possible, and yet none of these actions have been reported to date.
However, with all this access, it appears, according to the filing with the SEC, that no actions have been taken, no monies moved, and no illegal transactions identified. In essence, everything was accessed, but nothing was stolen. This unlimited access was desired for some purpose, perhaps to gain knowledge, but it is a mystery as to why no illegal transactions have been reported in the four months since the breach.
A breach of this kind makes it more likely that the access to information was a precursor to something yet to come. This breach could be the planning phase for a later action of a large nature. There is also some speculation that something or someone was being sought and the information was gained to assist in this search. It is still unclear what the end game of this breach was, but it would seem apparent that there was a reason that over 85 million consumers and businesses had their accounts open for perusal.
JP Morgan continues to monitor all activity on these accounts for whatever the end game might be, and it is recommended that consumers stay vigilant with their own accounts, as well.
CertainSafe™ knows how troublesome data breaches can be, and the impact they have on a company’s reputation, as well as on a company’s customers. CertainSafe™ has been developing cutting-edge software for more than 28 years, with 15 of those years spent designing technologically advanced solutions specifically geared toward security. Secure Cloud Systems™ has significant expertise and experience with payment data and Payment Card Industry (“PCI”) compliance. Our state-of-the-art proprietary solutions are unmatched in this space.
Additionally, our technological advances in non-payment data types, combined with our method for moving all data from CertainSafe™’s secure vault storage (which makes data safe, yet conveniently available to users in real time) is un-paralleled. For more information about Certainsafe and our data security technologies, visit our website at https://www.certainsafe.com/.