An un-patched server led to attackers infiltrating JPMorgan

JPMorgan Chase’s big hack this summer could have apparently been prevented if the mega-bank’s security team had properly updated a neglected server, according a report in The New York Times that cites unnamed sources.

The data breach supposedly took place this summer when a bunch of [company]JPMorgan[/company]’s security team left for the payment processing company [company]First Data[/company]. While it originally seemed that Russian hackers were responsible for the hack, the FBI said that’s not the case and no one really knows who caused it. Current evidence does not seem to lead to North Korea either, the Times report explained.

It’s common for banks to use two-factor authentication (the same security measure Apple decided to use after its iCloud was hacked, resulting in the leak of nude celebrity photos) as a way to secure their systems. In JPMorgan’s case, however, security staff forgot to upgrade one of the bank’s servers with the security verification process.

Security experts told the Times that because of the size of JPMorgan and other similar banks and the fact that these institutions acquire a lot of companies, it’s difficult to ensure that their entire networks are secure.

This is just one more reason to remember that you really ought to take time to make sure that all of your servers are patched up. As CloudPassage CEO Carson Sweet told me in late August, regarding the companies he’s been talking to, around 50 percent of servers spun up in the cloud have vulnerabilities because the original servers they were spawned from weren’t updated.