One simple mistake led to the biggest hack on a US bank in history

The cyber attack on JPMorgan Chase in mid-2014 was the largest computer breach ever for a US bank. More than 80 million consumers and small businesses had their personal information exposed in the attack, and it could have been prevented with one tiny change to a forgotten server in a corner somewhere. At least that’s the accusation made in a recent report based on information from internal bank sources. 

The computer breach at JPMorgan Chase this summer — the largest intrusion of an American bank to date — might have been thwarted if the bank had installed a simple security fix to an overlooked server in its vast network, said people who have been briefed on internal and outside investigations into the attack. Big corporations like JPMorgan spend millions — $250 million in the bank’s case — on computer security every year to guard against increasingly sophisticated attacks like the one on Sony Pictures. But the weak spot at JPMorgan appears to have been a very basic one, the people said. They did not want to be identified publicly because the investigation into the attack is incomplete. The attack against the bank began last spring, after hackers stole the login credentials for a JPMorgan employee, these people said. Still, the attack could have been stopped there.