J.P. Morgan found hackers through breach of corporate event website: WSJ

Reuters News
|
Posted: Oct 31, 2014 9:02 PM

(Reuters) - J.P. Morgan Chase & Co learned about hackers who stole the bank's contact information for 76 million households and 7 million small businesses through a corporate event that it sponsors, the Wall Street Journal reported, citing people familiar with the matter.

According to the report, the bank discovered that the intruders had used some of the same offshore servers to hack both the bank and the website of the J.P. Morgan Corporate Challenge.

It was not clear when the bank might have discovered the problem had the hackers not used the same I.P. addresses to launch cyberattacks on both the bank and the Corporate Challenge race websites, WSJ reported, citing people briefed on the matter.

The Corporate Challenge website, operated by Simmco Data Systems, was later taken offline after the hacking of the site was discovered, WSJ reported.

According to the report, the website has been restored by the bank ahead of upcoming races in Shanghai and Singapore, but has moved the payments to a Chase website.

Officials at J.P. Morgan Chase were not available for comment.

The hackers had originally gained access to the bank's network by compromising the computer an employee with special privileges used both at work and at home and then moved across the bank's network to access contact data, the paper reported.

Earlier this month, Reuters had reported that two U.S. states were investigating the theft of customer records in a massive cyberattack uncovered over the summer.

(Reporting by Anjali Rao Koppala in Bangalore; Editing by Ken Wills)