In August of 2014, it was reported that a group of hackers had exploited a vulnerability in the websites of JPMorgan. After breaking into the company’s network, the attackers then allegedly staged additional attacks that were custom-made to JPMorgan’s servers, which gained them access to internal systems on which customer account data was stored.
Several months later, investigators revealed that the criminals, who were believed to be Russian in origin, used zero-day exploits to gain access to the sensitive data of 76 million households and 7 million small businesses. Their analysis also suggested that the hack may have occurred as a result of a misconfiguration on one of JPMorgan’s servers for which two-factor authentication had been disabled, a security oversight which may have led to the compromise of an additional 90 servers before the attack was detected and ultimately thwarted.
It has been nearly a year since the hack against JPMorgan occurred. However, authorities may finally be closing in on those responsible for the incident.