JPMorgan data breach entry point identified: NYT

A sign outside the headquarters of JP Morgan Chase & Co in New York, September 19, 2013. REUTERS/Mike Segar

(Reuters) - A computer breach at JPMorgan Chase & Co JPM.N earlier this year could have been avoided if the bank had installed a simple security fix to an overlooked server in its network, the New York Times reported, citing people briefed on investigations.

In October, JPMorgan Chase revealed that names, addresses, phone numbers and email addresses of the holders of some 83 million accounts were exposed when the bank’s computer systems were compromised by hackers, making it one of the biggest data breaches in history.

The weak spot at the bank appears to have been a very basic one – the bank did not use a double authentication scheme, known as two-factor authentication, the paper reported. (

JPMorgan’s security team had apparently neglected upgrading one of its network servers with the dual password scheme, the newspaper said, citing people who did not want to be identified because the investigation into the attack was incomplete.

Officials at JP Morgan were not immediately available for comment outside regular U.S. business hours.

Earlier this month, U.S. regulators said they were stepping up efforts to examine financial institutions’ defenses to ward off cyber attacks, as a top FBI official warned of new “increasingly complex” threats to the financial sector.

Reporting by Supriya Kurane in Bengaluru; Editing by Ken Wills