REPORT: 'Russians' Behind Huge JPMorgan Cyberattack
And they believe Russians with at least loose connections to the country's government are behind the attack, according to a new report from The New York Times.
JP Morgan revealed Thursday that as many as 76 million households and seven million small businesses may have had private data compromised in the breach, one of the largest and most serious into a US corporation.
Data that may have been compromised in the breach include contact information and "internal JPMorgan Chase information" relating to the users, according to an SEC filing from the company.
They weren't alone, according to the new report. The Times says that "about" nine other financial institutions were infiltrated by the same group of hackers, though the breadth and scope of those breaches aren't known.
One US official speculated that the hack may be in retaliation for US sanctions against Russia amid the ongoing crisis in Ukraine.
"It could be in retaliation for the sanctions," a senior official told the paper. "But it could be mixed motives - to steal if they can, or to sell whatever information they could glean."
The JPMorgan breach did not affect account information or any money inside customers' accounts, the company said Thursday.
"There is no evidence that account information for such affected customers - account numbers, passwords, user IDs, dates of birth or Social Security numbers - was compromised during this attack," JPMorgan said in the SEC filing.
But according to the new report in the Times, the hackers got access to one file that has unsettled company executives.
"That file contained a list of every application and program deployed on standard JPMorgan computers that hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry," the report said. Remedying the applications and the program affected by the hack will be costly and time-consuming.
It is, one former employee told the paper, as if "they stole the schematics to the Capitol - they can't just switch out every single door and window pane overnight."
Some lawmakers have jumped on news of the hack to push Congress to pass cybersecurity legislation. Sen. Angus King (I-Maine) underscored the urgency, saying in a statement the "next Pearl Harbor" would come in the form of a cyberattack to an unprepared US.
"The longer we wait to take action, the more vulnerable we become, and as we've seen today, Americans will pay the price. We simply cannot afford to wait any longer," King said.
"Congress must work to pass legislation that will improve our capabilities and protect us against more attacks like these. The next Pearl Harbor will be cyber, and shame on us if we're not prepared for it."