JPMorgan Chase Data Breach

Target Audience

Undergraduate
Graduate

Keywords

JPMorgan
Data security
Data privacy

Introduction

Overview

JPMorgan Chase is the largest bank in the United States and the world's largest bank by market capitalization, with $3.9 trillion in assets. The cyberattack compromised data associated with 76 million households, 2 of 3 American households at the time of the attack. Stole names, email and postal addresses, and phone numbers from account holders.

Vulnerability Details

Attackers likely acquired original credentials from an employee who registered an account on the Corporate Challenge website. JPMorgan failed to implement two-factor authentication on the network server where the attackers logged in, which allowed the attackers to use the stolen credentials to log in. Once inside, the attackers gained access to 90 further network servers. The attack did not involve the use of any kind of zero-day. FBI first suspected a sophisticated adversary, such as the Russian government, but by mid-October had ruled them out as a suspect. Four individuals were indicted on 23 federal counts in relation to the attack on JPMorgan and similar attacks on other institutions. The attackers used the stolen account information to operate a stock price manipulation scheme and illegal gambling websites to make millions in profit. The defendants planned on starting their own brokerage business, using the stolen information to give them a leg up against competitors. In October 2015, the Senate Banking Committee asked federal banking regulators to create a process for mitigating attacks like this against the financial sector.

Learning Objectives

Explain data security and privacy
Describe security and privacy violations in the JPMorgan data breach
List common protection mechanisms for data security and privacy

Download

Includes a PDF case study adapted from a real-world cyber breach
Guided questions for student engagement
Instructor materials including context and background
All content packaged in a downloadable ZIP file

Remote Terminal

Terminal Description

Module Questions

What happened in the JPMorgan Chase data breach of 2014?Hackers gained access to JPMorgan's customer accounts through online banking.Attackers exploited a lack of two-factor authentication on a server, which allowed them to access over 90 servers and steal personal data of 76 million households.The bank's mobile app was compromised by malware.JPMorgan's ATMs were infected with ransomware.

What are two effective security mechanisms that could guard against vulnerabilities like those exploited in the JPMorgan breach?Using only encrypted email services.Implementing two-factor authentication (2FA) and network segmentation.Employing password managers for all employees.Disabling user access to all servers.

If you were a hacker, how would you launch a similar attack on another financial institution?I would create a fake mobile app to steal user credentials.I would use phishing emails to gain initial access, then exploit weak security on internal servers and escalate privileges to access sensitive data.I would directly hack into customer accounts through an unprotected Wi-Fi network.I would disable firewalls using social engineering.

What are some ways to perform privilege escalation in financial networks?Sending spam emails.Exploiting unpatched vulnerabilities, abusing weak password policies, or misconfigured access controls.Guessing passwords until access is gained.Using antivirus software to disable security tools.

How can vulnerability scanning be performed in a financial institution's network?Using VPN to bypass security protocols.Using tools like Nessus, OpenVAS, or Qualys to scan for unpatched systems and misconfigurations.Sending out phishing emails to employees.Installing malware on servers to track employee activity.

As the CTO of JPMorgan Chase, what measures would you implement to enhance the security of financial transaction systems?Disabling access to external payment systems.Implementing end-to-end encryption for all transactions and real-time fraud detection systems.Limiting all transactions to certain hours of the day.Using email confirmations for all transactions.

How should financial institutions balance the need for third-party integrations with maintaining data security standards?Allow third parties unlimited access to internal systems for convenience.Conduct regular security audits of third-party vendors and enforce strict data access controls.Disable third-party integrations altogether.Outsource all security to third-party vendors.

If you were responsible for mitigating the misuse of stolen data, what steps would you take?Implement encryption for all stored data and monitor for suspicious activity related to stolen information.Ban all external communications involving sensitive data.Block access to stolen data after 24 hours.Encourage users to share personal data openly.

What IT weaknesses paved the way for the JPMorgan Chase hackers?Lack of two-factor authentication, poor patch management, and insufficient network segmentation.Use of outdated ATM machines.Inadequate mobile app security.Allowing employees to work from home without security measures.

As the CIO of JPMorgan Chase, how would you improve IT security?Ban all employee access to the internet.Implement a comprehensive security strategy that includes multi-factor authentication, frequent security audits, real-time monitoring, and employee security training.Disallow access to the company's network from mobile devices.Reduce the number of security tools to minimize complexity.