JPMorgan Chase Tooth Fairy Hack

JPMorgan Chase is the latest victim of a cyber attack. The company announced that unknown hackers broke into their computer system and stole over 80 million customers’ names, addresses, phone numbers and email addresses. This is a really odd announcement for a serious company. Believing that a hacker broke into a bank’s system only to get what he can get from the White Pages is more naïve than believing in the Tooth Fairy. It’s like believing that a burglar broke into the house just to look at the clock because he lost his watch.
The company somewhat hedged its conclusion by stating that there’s no evidence of hackers stealing anything else, but still assuring their customers that there’s nothing to worry about.
The reality is that this tells us that whoever did it is a competent hacker. He either obtained all the financial data right away and covered his tracks well enough that neither JP Morgan nor the FBI could find anything, or left malware that will be sending him that data later. This type of malware is extremely difficult to detect, and the JP Morgan/FBI failure is typical.
This is also indicative of a well-heeled hacker who is financially already very comfortable and can afford to wait until a later date when he can safely start milking the golden cow.
The scariest part of this story is that if this hacker is so good technically and astute financially JPMorgan Chase and its millions of customers are in for a very interesting future. At this time most banks can afford to absorb losses from cyber fraud (but of course passing on the cost to us in interest and fees). It remains to be seen for how long this is going to be the case.

Leave a Reply