The New York Times reported Friday that unnamed sources have said that about nine unnamed financial institutions have been hit by the same group of foreign hackers. The Times noted, “The hackers are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government.”
The attack on J.P. Morgan did not compromise financial information or personal information like Social Security numbers. Officials at the bank say that only names, addresses, phone numbers and email addresses were compromised.
And if the recent attack, or attacks, came from Russia this would not be a precedent. In 2009 several companies were hit with an attack that resulted in the loss of 130 million credit card records. Five people were ultimately indicted for the crimes in 2013 — four Russians and one Ukrainian. Three are at-large, one is under arrest and the fifth, Vladimir Drinkman, continues to avoid extradition from Russia.
Even though the data that was compromised in the attack did not include financial information, the hackers can either sell the email addresses to companies or groups that send out spam or phishing emails or the hackers can use the data in the same way themselves to try to wheedle more data from consumers. While authorities appear to be looking at some kind of payback for recent U.S.-led sanctions against Russia, previous experience with Russian hackers is that they’re in it for the money, not the glory.