JPMorgan Data Breach due to Oversight of Simple Security Fix at Entry Point: Report
The data breach at JPMorgan Chase may have been averted if the bank had been farsighted and installed a basic security measure on the overlooked server in its massive network.
Earlier in October, the bank had disclosed the phone numbers, names, postal addresses and email ids of nearly 83 million account holders whose details were compromised and made vulnerable post the hacking, which compromised JPMorgan Chase's computer systems. However, it still remains unknown as to where the attack originated.
According to a New York Times report, "people who have been briefed on internal and outside investigations into the attack" have revealed the information pertaining to the basic security fix oversight. The publication's sources chose to remain anonymous as the investigation is ongoing.
"The weak spot at JPMorgan appears to have been a very basic one, the people said," reveals the New York Times.
So what was the Achilles heel for JPMorgan Chase? Apparently, the bank did not deploy a dual authentication system aka the two-factor authentication method, which is a second layer of security that requires the keying in of a second password. Post this authentication alone can one gain access into the protected system.
However, per the sources, the security team at the bank allegedly neglected upgrading of one of its networks with this two-factor authentication method. As a result, JPMorgan Chase was vulnerable to hacking.
The lapse on the security team's part is now apparently being reviewed by an internal committee, which is looking to find if any additional oversights or loopholes exist in JPMorgan Chase's massive network. The people in knowledge have also disclosed that the incident is seen as embarrassing by the bank.
Earlier in December, U.S. regulators expressed concern and revealed that they are increasing efforts to study the ability of financial institutions' security measures to fend of cyberattacks.