THE HIGH-PROFILE DATA BREACH that hit US bank JP Morgan Chase earlier this year could have been avoided if the company had been sharp enough to install a simple security fix, a report claims.
Sources close to the The New York Times identified the entry point and said that the bank's weak spot was on an overlooked server in its network .
Apparently, it didn't use two-factor authentication, a simple dual password scheme which most banks use to restrict access to protected systems.
JP Morgan Chase admitted in August that it had suffered a data breach after it was revealed that the FBI was looking into a potential cyber attack against the firm and four other banks.
Names, addresses, phone numbers and email addresses of the holders of some 83 million accounts were exposed after the attack.
The bank said there is no evidence that account numbers, passwords, user IDs, dates of birth and Social Security numbers were compromised.
An unknown source established that six more banks were attacked at the same time, and that the hackers altered and deleted customer records.
A federal law enforcement official who was not authorised to comment publicly said that sophisticated attacks were coordinated against JP Morgan Chase by Russian hackers.
The bank was not immediately available for comment.
The hack is one of a series of assaults on large firms this year. Target was attacked in January, resulting in the exposure of 70 million names, addresses, emails and phone numbers, along with 40 million payment cards. µ
Promises that it wasn't used without permission
Data-sniffing malware could snaffle up one password to rule them all
If you can't beat em, sync em
Fixing the old, creating the new