It’s no surprise that financial institutions are the target of cyber-attacks. The data networks of financial institutions arguably house the most valuable information that a malicious hacker could seek, such as Social Security numbers and credit card information. With this data, hackers could either fraudulently access someone’s money or credit lines — or steal their identity.
This week, JPMorgan Chase (NYSE:JPM) was the subject of yet another cyber attack. Reuters reports that data related to as many as 465,000 pre-paid UCard users could have been accessed and lifted from its servers in September. While the bank does not believe that sensitive personal information was stolen, the possibility of fraud can’t be ruled out. As per protocol, the bank has notified the Federal Bureau of Investigation and the Secret Service, both of which are now investigating the case.
JPMorgan reports that the issue has since been fixed, but the damage has already been done. The attack, just one of many to surface over the past few years, is a reminder that security is all-important in the Internet and information age — and that even major financial institutions are not immune to attack.
JPMorgan, Bank of America (NYSE:BAC), and Citigroup (NYSE:C) and countless other financial firms — as well as non-financial firms — have all been subject to heightened cyber attacks over the past few years. While most cyber attacks are relatively lightweight (defacement of web properties, kind of like digital vandalism) and may be more appropriately filed under the umbrella of “hacktivisim,” data security is still an enormously under-addressed issue.
A Bloomberg survey conducted in 2012 found that in order for financial institutions to reach an “ideal state of protection” — defined by the Ponemon institute as the capacity to stop 95 percent of attacks — they would each need to spend $292.4 million per year. Total spending would have to increase from about $5.3 billion to $46.6 billion.
In late 2012 and early 2013, major financial institutions — including Bank of America and Citigroup — were the target of distributed denial-of-service attacks by a self-described activist group called the Cyber Fighters of Izz ad-din Al Qassam. The attacks took down the websites of about 12 major U.S. banks. Part of the problem that these attacks revealed was that it is increasingly inexpensive to launch cyber attacks against big banks like Bank of America, but still very costly to defend against them. Earlier, in 2011, Citigroup was the target of a cyber attack that affected more than 360,000 credit card accounts.