After Breach, JPMorgan Still Seeks to Determine Extent of Attack
Nicole Perlroth and Matthew Goldstein report:
The headache caused by the attack on JPMorgan Chase’s computer network this summer may not go away anytime soon.
Over two months, hackers gained entry to dozens of the bank’s servers, said three people with knowledge of the bank’s investigation into the episode who spoke on the condition of anonymity. This, they said, potentially gave the hackers a window into how the bank’s individual computers work.
They said it might be difficult for the bank to find every last vulnerability and be sure that its systems were thoroughly secured against future attack.
The hackers were able to review information about a million customer accounts and gain access to a list of the software applications installed on the bank’s computers. One person briefed said more than 90 of the bank’s servers were affected, effectively giving the hackers high-level administrative privileges in the systems.[…]
A fourth person with knowledge of the matter, also speaking on condition of anonymity, said hackers had not gained access to account holders’ financial information or Social Security numbers, and may have reviewed only names, addresses and phone numbers.
Read more on NY Times.