The security breach which affected JPMorgan Chase & Co earlier this year could have been avoided if the bank had employed a simple security fix to a server in its vast network, claims new report.
In October, JPMorgan Chase was hit by one of the biggest data breaches in history which exposed names, addresses, phone numbers and email addresses of the holders of some 83 million accounts when the bank’s computer systems were compromised by hackers.
According to a The New York Times report, citing people briefed on internal and outside investigations into the attack, JPMorgan’s security team had apparently neglected to upgrade one of its network servers with a double authentication scheme, known as two-factor authentication, which left the bank vulnerable to intrusion. The dual password scheme requires a second one-time password to gain access to a protected system.
JPMorgan is now focusing on an internal review that seeks to identify whether there are any other unguarded holes in the bank’s vast network, several of the people briefed on the matter said.
Security experts claim that it has become nearly impossible for banks of JPMorgan’s size to secure their networks, particularly as they integrate the networks of companies they acquire with their own.
The bank maintains that the damage to customers was limited to the theft of email passwords, home addresses and phone numbers. It is still not known where the attack originated.
“These criminals accessed customer contact information, but no account information,” said Patricia Wexler, a bank spokeswoman.
“We have seen no evidence of fraud as a result of this.”
JPMorgan has also set up a business control group of about a dozen cybersecurity and technology experts to prevent occurrence of any such data attacks in future.
