web analytics

Bank Hack Attacks Happen More Often Than You Thought


Given the regularity with which hack attacks appear featured in online publications, people may start to believe that their private information is as accessible to hackers as a low hanging fruit. While retailers and popular websites produce a lot of brouhaha in the media when they begrudgingly admit that the private information of their customers and users had been snatched by hackers, a sophisticated bank hack is not only newsworthy, but rarely reported.

The JP Morgan Chase Bank Hack

One of the most newsworthy of them all was the bank hack that involved JP Morgan Chase. Granted, no credit card information had been compromised, but what was astounding was the proportions of the data breach. Over a couple of months, hackers stole the personal information, such as name, home addresses, email addresses, and phone numbers of 76 million customers.

Bloomberg.com reviews this incident of Russian origin by putting it into the context created by the annexation of Crimea by Russia. The act of aggression prompted many banks, including JP Morgan Chase, to impose sanctions on the offending nation. While it has not been confirmed that such a connection exists, the politically charged situation produced quite a bit of speculation over the fact that the bank hack was made in retaliation to these sanctions.

Very simply put, hackers exploited an overlooked vulnerability in the one of the websites of the bank to infiltrate into the system, then used highly sophisticated malware to penetrate the parts of the infrastructure that contained customer information. The bank hack was uncovered during a routine check carried out by employees.

While the depiction of the consequences in the media ranged from dramatic to not-so-dramatic, this feat will surely remain in the collective memory as one of the most successful hacks perpetrated against the biggest bank in the US.

One Bank Hack to Rule Them All

A gargantuan and lucrative bank hack that resulted in losses close to $1 billion was uncovered and extensively reported starting with February 2015. An estimated 100 banks around the world were targeted, many of which were located in the US.

The scheme began with hackers sending malware-laced emails to employees. Once the malware was installed on employees’ computers, the hackers started to monitor the daily activity, paying close attention particularly to cash transfer operations. Once they became acquainted with the bank’s usual activities, the fraudsters would transfer large amounts of money to accounts set up in several countries. In an unusual twist, the fraudsters were able to make ATMs spontaneously give out money without any request being made by a person.

Why Would a Bank Hack Be Kept Secret?

In the first incident, most of the attention had been given to JP Morgan Chase Bank hack because they were the only ones who agreed to speak publicly about the breach. The hackers, however, managed to steal information from six other unidentified financial institutions during the same attack. In a similar fashion, in spite of the proportions of the second incident, no bank in the US came forward to acknowledge that it had been targeted. This secrecy is made possible by the fact that banks, retailers, and businesses are not obliged under current legislation to come clean when they have been hacked. In an effort to curb the habit of keeping such incidents concealed from the public eye, two Congress members sent in late 2014 an open letter to 16 financial institutions asking for more transparency in the handling of data breaches, but the demand promptly fell on deaf ears.

The prevalence of hacking is best measured not by media coverage, but by statistics. In October 2014, CNN reported that 47% of adults in the US had their private information exposed as a result of hacking. So on the rare occasion you read about a new bank hack, just remember that there is a lot more that is being swept under the rug.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: