SAN FRANCISCO (USA TODAY) – JPMorgan Chase and at least four other financial institutions were hacked recently in a series of coordinated attacks, a federal law enforcement official told USA TODAY.
The source, who was not authorized to comment publicly, said investigators believe Russian hackers were the source of the attacks. What is less clear is whether the attacks were prompted by U.S. sanctions against the Russian government.
The sophisticated cyberattack resulted in the loss of sensitive data, Bloomberg.com said, citing security experts.
Companies "of our size unfortunately experience cyberattacks nearly every day," JPMorgan spokeswoman Trish Wexler said in a statement without confirming the reports. "We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."
FBI spokesman Paul Bresson said the agency is "working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions."
Hackers broke into the networks of the banks, where they siphoned data, including account information. Several security firms are conducting digital forensics of the breached computer networks, The New York Times reported.
It remains unknown whether the digital intruders were financially motivated or part of an espionage campaign.
"The ability to overcome the typical financial defense-in-depth strategy outlined by JPMorgan points to capabilities that go beyond criminal activity and are in the realm of nation state capabilities," said security expert Phil Lieberman, CEO of Lieberman Software.
A report on The Wall Street Journal's website said particulars about the incident — when it began, whom it impacted and its potential costs — were unclear.
Though there's no indication the two are linked, computer security firm Proofpoint on Aug. 21 reported a large-scale computer attack campaign targeting JP Morgan Chase customers.
The Sunnyvale, Calif.-based company reported multiple examples of a credential phishing campaign in which authentic-looking e-mails encouraged users to click a link to see a secure message from JP Morgan.
When they did, they were asked to enter their credentials. The Web page was hosted on a server in Moscow and installed a so-called Trojan-program onto their computer, allowing the attackers to compromise the user's computer
Proofpoint identified several other active campaigns that appeared to be run by the same attackers, each of which attempted to install the same Trojan software.
Contributing: Jessica Guynn and Kevin Johnson