The number of JPMorgan hackers’ targets rises

The distressing news that the JPMorgan Chase breach resulted in the compromise of data of some 76 million households and 7 million small businesses may be soon followed by more unwelcome announcements of the same kind.

Earlier this month NYT sources said that the hackers successfully targeted nine other US financial institutions. They also said that the attackers are believed to be from Russia, and appear to have “loose connection” with Russian government officials.

The (unofficial) number of other targeted US financial firms has risen in the meantime, and individuals familiar with the investigation point to US mutual fund company Fidelity Investments as one of the potential victims.

“We have no indication that any Fidelity customer sites, accounts, information, services or systems were affected by this matter,” a Fidelity spokesman commented.

“We take security very seriously and closely monitor the online environment. Fidelity has a range of safeguards and multiple layers of security in place to protect customer accounts and information, our sites, and systems. For security reasons, some of these protections are visible, some are not. Beyond that, for security reasons, it’s our practice not to comment on details of specific matters.”

Citigroup has apparently also been attacked, but the attackers haven’t managed to penetrate its defenses.

Bloomberg reports that after the JPMorgan breach was discovered, the bank circulated data about the malware and the IP addresses of the servers the attackers used with the goal of helping other companies check whether they have been attacked by the same group.

The JPMorgan breach was first discovered in late July, and it took several weeks to halt it. The attackers went after the personal information of account holders, and haven’t compromised any financial information, nor did they apparently access any accounts or transfer money from them. Whether that was their ultimate goal is still unknown.

But the attackers did manage to get a file containing a list of all software used on typical JPMorgan endpoint computers, and can use that information to mount new attacks by exploiting known or unknown software vulnerabilities.

SLC Security Services, a cyber security and investigation company based in North Carolina, says that Russian hackers have posted information on the breaches and named First Data, Suntrust Mortgage and a number of credit unions based in the US and Canada as the victims.

They claim that the First Data breach is confirmed, and that a UK financial institution may have also been affected.