Fidelity Investments was among 13 financial institutions hit by a hack attack launched by cybercriminals believed to be associated with the crew that stole customer information from JPMorgan Chase. Although it appears no customer data was stolen, security industry analysts are concerned about the fallout.
JP Morgan last week revealed the accounts of 76 million households were compromised in the attack. On top of that, another 7 million small businesses were compromised. In a Securities & Exchange Commission filing, the firm revealed that user contact information, including names, addresses, phone numbers and e-mail addresses were compromised. So far, Fidelity is telling a different story.
“We have no indication that any Fidelity customer sites, accounts, information, services or systems were affected by this matter,” said a Fidelity spokesman in a published statement. “We take security very seriously and closely monitor the online environment. Fidelity has a range of safeguards and multiple layers of security in place to protect customer accounts and information, our sites, and systems. For security reasons, some of these protections are visible, some are not. Beyond that, for security reasons, it’s our practice not to comment on details of specific matters.”
Retail vs. Financial Services Attacks
Ken Westin, security analyst at advanced cyberthreat detection firm Tripwire, told us he thinks it’s interesting to see the difference between the scale and scope of the recent retail and financial services cyberattacks.
“Financial services companies, like JPMorgan Chase and Fidelity, have invested heavily in their security infrastructure. This stands in sharp contrast to the attacks we’ve seen in retail industry,” Westin said. “Even though retail firms also have significant investments in technology, their security infrastructures appear to be significantly less resilient.”
Westin pointed out that both the Fidelity and JPMorgan Chase breaches could have been much, much worse — but these organizations were able to limit the damage of the attacks even after the cybercriminals gained some access to their networks.
“Although the media tends to demonize companies when they are breached, we should also be paying attention to what happens when companies successfully thwart attacks,” Westin said. “If this kind of information can be shared across industries it would help make the entire Internet more secure. The retail industry in particular might be able to learn a bit from the financial services security strategies designed to detect and contain attacks in progress before significant data is lost.”
Who’s Behind This?
Eric Cowperthwaite, vice president of Advanced Security and Strategy at computer and network security firm Core Security, told us we really ought to be thinking about who is behind these attacks and why they would do it. From his perspective, this is clearly not your average band of hackers. (continued…)
|2 Next Page >|