So many companies have been hacked in the past year that news of another major data breach has become almost routine.
Yet, there may be new reasons to be concerned about JPMorgan Chase announcing Thursday that it is investigating a possible cyberattack.
The attack, which appears to be a coordinated one against multiple banks, is a sign that hackers have found a way to breach perhaps the most protected computer systems in the American economy.
While numerous retailers and grocery stores have been attacked by hackers over the past year, experts say the computer security at those places was relatively porous. Successful attacks against banks, however, are unusual because the financial sector has perhaps the strongest security of any industry, said Jacob Olcott, a cybersecurity expert at Good Harbor Security Risk Management.
“The fact that even these companies can experience a successful attack should definitely raise eyebrows because they spend the most money and have the most sophisticated defenses,” Olcott said.
JPMorgan said Thursday that it is working with law enforcement to investigate a possible cyberattack against its network. The bank said it is trying to determine how much data was stolen and has not seen any “unusual fraud activity.”
A JPMorgan spokeswoman said the bank will reach out to any affected customers and encouraged them to contact the bank if they detect suspicious activity on their accounts. Customers won’t be held liable for fraud related to the attack.
The FBI and Secret Service are also investigating the attacks.
"Companies of our size unfortunately experience cyberattacks nearly every day," JPMorgan spokeswoman Trish Wexler said in a statement. "We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."
Many details about the attack remain unclear, including the origin of the hackers, their motives, which other banks were involved, and when the breach happened.
Security experts said the attack could have serious consequences depending on what information was taken. While banks typically reimburse customers for fraud, the hackers could use access to banks' computer systems to take out loans in customers’ names, commit other kinds of identity theft, or worse, manipulate financial data inside the banks’ computers, said Tom Kellermann, chief cybersecurity officer at Trend Micro, a computer security firm.
"The average person should be very concerned," he said.
He added: “The question is, did they just steal data or did they also manipulate data? If you alter data, you are changing the value of money. It could undermine the integrity of the institution.”
The hackers appear to have stolen gigabytes of data, including customer credit and savings account information, from JPMorgan and at least four other banks in a coordinated attack, according to The New York Times. Hackers also took sensitive information from employee computers, according to Bloomberg, which first reported the news.
At least one of the banks that was attacked believes the hackers were sponsored by the Russian government, and the FBI is investigating whether the attack was in retaliation for U.S.-imposed sanctions on Russia, according to Bloomberg News.
Russian cybercriminals are considered to be the most sophisticated hackers in the world, even more skilled than Chinese hackers, experts say. While Chinese hackers often try to steal intellectual property from U.S. companies, Russian hackers frequently target banks and are motivated mostly by financial gain, experts say.
If Russian hackers are retaliating against U.S. sanctions, "it's a sign of an escalation of geopolitical tension that will directly impact the average American by attacking their finances,” Kellermann said.
JPMorgan recently said it plans to spend $250 million on cybersecurity this year. But despite spending all that money, the bank may have been undone by the negligence of a single employee. Hackers appear to have found their way into JPMorgan's network by hacking an employee's personal computer, The Wall Street Journal reported, citing a person close to the investigation.