(Adds banking industry group unaware of significant cyber
attack, comments from security experts)
By Jim Finkle
BOSTON Aug 28 An influential U.S. financial
services industry group that shares information about cyber
threats has said it is unaware of any "significant" cyber
attacks, downplaying concerns about possible breaches at
JPMorgan Chase & Co and other banks.
The group, known as the Financial Services Information
Sharing and Analysis Center, or FS-ISAC, includes all major U.S.
banks and dozens of smaller ones along with some large European
"There are no credible threats posed to the financial
services sector at this time," the group said in an email to its
FS-ISAC told members in the email that it decided not to
raise its barometer of threats facing banks during a regularly
scheduled conference call on Thursday. During the call, members
discussed threats facing the financial services sector,
including reports of suspected cyber attacks on JPMorgan and
It added that it was "unaware of any significant
cyber-attacks causing unauthorized access to sensitive
information at any member institutions."
JPMorgan had said early on Thursday that it was working with
U.S. law enforcement authorities to investigate a possible cyber
The bank provided little information about the suspected
attack, declining to say whether it believed hackers had stolen
any data or who might be responsible.
"Companies of our size unfortunately experience cyber
attacks nearly every day. We have multiple layers of defense to
counteract any threats and constantly monitor fraud levels," it
said in a statement.
The FBI had said late on Wednesday that it was looking into
media reports on a spate of attacks on U.S. banks, raising
concerns that the sector was under siege by sophisticated
Yet several cyber security experts said that they believe
those concerns are overblown.
"Banks are getting attacked every single day. These comments
from FS-ISAC and its members indicate that this is not a major
new offensive," said Dave Kennedy, chief executive officer of
TrustedSEC LLC, whose clients include several large U.S. banks.
"While we should remain diligent and active in monitoring,
it doesn't appear there is a major offensive," said Kennedy.
The email said that FS-ISAC was maintaining the threat level
at "guarded," noting that financial services firms continue to
face a variety of threats.
It cited recent attacks on retailers using malicious
software that targets point-of-sales systems, SMS phishing
campaigns targeting bank customers and a recently disclosed
attack on hospital operator Community Health Systems Inc
The group also warned members about the potential for
cyber-related activity emerging from conflicts in the Middle
East and Ukraine.
"They are basically saying that the attacks they are seeing
are the standard patterns. That it is business as usual," said
Daniel Clemens, chief executive of cyber security firm
Renewed concerns that banks might be victims of significant
cyber attacks emerged after Bloomberg News reported on Wednesday
that Russian hackers were believed to have recently stolen
sensitive data from JPMorgan and another unnamed U.S. bank. The
New York Times subsequently reported that JPMorgan and at least
four other U.S. banks had been attacked.
The FBI and has said it would work with the Secret Service
to investigate those reports.
One cyber security executive who frequently works with large
banks said that he suspected the activity described by Bloomberg
and the Times was likely run-of-the-mill attacks that financial
institutions fend off on a regular basis.
"There are intrusions every single day. It would be news if
banking institutions were not being attacked," said the
executive, who is not authorized to publicly discuss the matter.
"There have been no disruptive attacks that I am aware of."
(Reporting by Jim Finkle in Boston and David Henry in New York;
Additional reporting by Mark Hosenball and Doina Chiacu in
Washington; Editing by David Gregorio, Jeremy Laurence, Jeffrey
Benkoe and Lisa Shumaker)