As more details emerge about the cyberattack on JPMorgan Chase back in July, it seems as if the threat was much larger than spokespeople for the bank or investigators initially let on.
According to The New York Times, the hackers managed to impact more than 83 million households and businesses. This makes the attack one of the most severe computer intrusions into an American corporation in recent years.
While JPMorgan did alert its customers that their files had been hacked, there turned out to be quite a bit of information that was not shared by JPMorgan or investigators.
On Thursday, it was revealed that nine other major institutions were impacted by the attack. This number was not initially reported.
The identities of these institutions have not been released, and it is unclear if the attacks were as severe as the one on JPMorgan.
What is clear, however, is that intelligence in Washington is actually more concerned than they let on in the past.
Authorities have not confirmed a motive for the attack or the identity of the hackers, but their current theories are enough to leave major banks concerned.
The New York Times reports that the hackers are believed to be working out of Russia and have at least some loose connection to the Russian government.
With that knowledge, it is possible that the hack was a display of power or a possible “retaliation for the sanctions” placed on Russia, one senior official who was briefed on the incident pointed out.
“But it could be mixed motives – to steal if they can, or to sell whatever information they could glean,” the senior official added.
The official did explain that these theories have not been proven just yet.
“We have been wrong before,” he said.
Spokespeople for JPMorgan announced that all the information is believed to be secure again, but New York’s top financial regulation still believes there needs to be a greater sense of urgency regarding the hackers.
It turns out the hackers had access to JPMorgan databases weeks before it was announced to its customers.
Even more troubling, for some consumers, is the fact that there are currently no regulations that would require JPMorgan or any other financial institution to do so.
“Banks are not required to report data breaches and online intrusions unless the incident is deemed to have resulted in a financial loss to customers,” The New York Times reports. “Breach notification laws differ by state, but most laws require only that companies disclose a breach if customer names were stolen in conjunction with other information like a credit card, Social Security number or driver’s license number.”
Currently, spokespeople for the bank are focused on assuring customers that their most private information is still safe and secure and that the threat has supposedly been eliminated.
“To date, we have not seen any unusual fraud activity related to this incident,” said Kristin Lemkaue, a bank spokeswoman. “We have identified and closed the known access paths. We have no evidence that the attackers are still in our system. We have apologized to our customers.”