JPMorgan Chase could have avoided one of the most damaging cyber attacks in history with a simple security fix.
The bank, which was struck in late August, revealed in October that the attackers had made off with the data of 76 million households and 7 million small businesses. The scandal made it into our top 10 list and was reported to have started with just one compromised password.
Now it has been revealed that if the company had installed a single security fix to a overlooked server in its network than the entire attack could have been stopped.
According to a New York Times report, the bank had not implemented two-factor authentication – a system that requires two methods of entry to an account, like a code sent to a phone – on all of its servers, leaving it vulnerable.
Once inside the bank’s network the hackers went to work, gaining high-level access to more than 90 other servers before being found and stopped.
In the meantime the bank insists that customer data had not been totally lifted.
“These criminals accessed customer contact information, but no account information,” said Patricia Wexler, a bank spokeswoman. “We have seen no evidence of fraud as a result of this.”
As a result of the size of the data breach the NSA has stepped up to work alongside the national bank. It’ll be their job, the report states, to try and shore up any holes and patch any trapdoors left by the hackers.
The company’s antiquated systems have been highlighted as the reason for the ease of the hacker’s entry. JPMorgan has been integrating the networks of smaller banks it has taken over for years. It’s not uncommon, an insider told the New York Times, for the old companies’ names to randomly appear in JPMorgan URLs.