
Missed Upgrade Leads to JPMorgan Chase Cyber Attack

Your network security has been breached and your company’s sensitive data is in the hands of cyber crooks. That in and of itself is a bad enough spot to be in, but the salt in the wound? Hearing security experts say that a simple fix could have prevented the attack in the first place.

It’s not much, but at least there’s some solace that can be taken from knowing a hacker had to step up their game and really break a sweat to best your company’s digital security. But knowing that there was an easy solution which could have stymied them? That’s the type of thing that can keep IT pros up at night and it’s the situation one major bank has found itself in, according to experts.

This past spring and summer, one of America’s top financial institutions, JPMorgan Chase, fell victim to a security breach which compromised the personal information of roughly 83 million households and small businesses. Customers’ home addresses, email info and phone numbers were among the prizes thieves were able to get their hands on. Amazingly, things could have been worse. It’s believed that customer financial information and Social Security numbers were not among the pieces of data the hackers were able to steal.

So how did those hackers get past JPMorgan Chase’s digital security, which the bank is thought to have spent $250 million on? An incomplete two-factor authentication deployment.

Two-factor authentication is a defense scheme which requires a person to enter a randomly generated, one-time-use password in addition to their own regular credentials before they can access a system. According to The New York Times, it’s a mechanism used by many larger financial institutions, including JPMorgan Chase.

However, apparently JPMorgan Chase’s IT team had failed to upgrade a lone server to two-factor authentication, leaving the bank vulnerable. Hackers were able to use a stolen set of employee credentials to gain access through that one neglected server and from there, it was open season.  

The investigation into the attack is ongoing, and to date it hasn’t been determined just how the server managed to slip through the cracks. However, The New York Times pointed out the breach occurred during a period of high turnover for the bank’s IT team.

Even if that $250 million figure dwarfs your own cyber security budget, it doesn’t mean your company is doomed to face a similar intrusion. Remember, it’s not always how much you spend, but how you spend it, as this case proves.

Cross-training IT employees in multiple areas is one way to prevent routine maintenance or critical updates from falling out of mind in the event of turnover or unexpected absences. A partner like Arraya can also ensure that – by providing the manpower and tools needed to maintain business continuity at your company. To find out more, visit www.ArrayaSolutions.com or speak to your Arraya Account Executive today.
