By Emily Glazer, Julie Steinberg and Daniel Huang
Citigroup Inc. and E*Trade Financial Corp. are among the
financial institutions that may have been targeted by the same
hackers who breached J.P. Morgan Chase & Co.'s computer network
earlier this year, according to people familiar with the
matter.
While the companies, which also include payroll processor
Automatic Data Processing Inc. and Regions Financial Corp., believe
they weren't breached, they did see traffic allegedly linked to
hackers who compromised data at J.P. Morgan this summer, people
close to the issue said.
The Wall Street Journal reported Monday that hackers who
breached J.P. Morgan's computer network earlier this year also
tried to infiltrate a number of other financial institutions, but
those firms believe they were unsuccessful, people familiar with
the investigation have said. The range of other companies that
hackers may have tried to breach reveals their interest in various
U.S. financial institutions, from large global banks to regional
firms to technology-focused financial companies.
The traffic at the four firms, which hasn't been disclosed
previously, follows a cyberattack on J.P. Morgan this summer,
resulting in compromised contact information for millions of
customers including names, email addresses and phone numbers but
not Social Security numbers, dates of birth or passwords, the bank
has said. It is unclear how many other firms have experienced such
traffic.
In September federal officials, including those from the Federal
Bureau of Investigation and the Department of Homeland Security,
distributed information about the hackers' "signatures" to a
variety of financial institutions, people familiar with the matter
have said.
A number of financial institutions responded that they had seen
traffic from the suspect computer addresses linked to the hackers,
but that they didn't believe they had been breached, the people
said.
Rather, the hackers, whose identity remains unknown, appeared to
be "probing," or searching for weaknesses on the firms' digital
perimeters. This happens regularly, sometimes daily at
institutions, but the attention to these probes are heightened
given the suspected connection to J.P. Morgan's breach.
"Although ADP threat management experts observed internet-based
traffic from those criminals allegedly reported to have recently
attacked JPMC, we have not observed any issues associated with such
scanning of our defenses," ADP said in a statement. "We will
continue to utilize the information provided by members of the
cyberintelligence community with regards to the recent JPMC event
and will update our cyber defenses as necessary."
The information, which the government said could only be shared
on a "need to know" basis, asked recipients if they had been
affected.
People familiar with the investigation have said this wasn't the
only such memo passed on to other financial institutions regarding
J.P. Morgan's cyberattack. Investigations into the matter are
ongoing.
Last week, J.P. Morgan said that contact information had been
compromised for about 76 million households world-wide by the
hacking incident, a number roughly equivalent to two-thirds of U.S.
households. The breach was first disclosed in August, but more
details were released last week, including the breadth of the
stolen information, which included names, phone numbers and email
addresses of customers.
Customer money is "safe," the bank said in a statement to
customers last week, also reiterating it hadn't seen unusual levels
of fraud since the attack.
The episode also illustrates the daily threats America's
financial system faces in the Internet age. Malicious actors
systematically are looking for ways to gain access to sensitive
data.
After the J.P. Morgan incident became public in late August, the
financial-services sector moved to determine who else was affected.
J.P. Morgan has said it continues to work with law enforcement on
the matter.
Christina Rexrode and Danny Yadron contributed to this
article.
Write to Emily Glazer at emily.glazer@wsj.com and Julie
Steinberg at julie.steinberg@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires