Citigroup Said to Be Attacked by JPM Hackers

Citigroup Inc., E*Trade Financial Corp., Automatic Data Processing Inc. and Regions Financial Corp. were attacked by the same hackers that breached JPMorgan Chase & Co., according to a person familiar with the matter.

At least one of those companies -- E*Trade -- was targeted last year and subsequently brought in cybersecurity specialists to help scour its networks and assess the potential damage, said the person, who asked not to be identified because the investigation is ongoing. The hackers tried to break into Citigroup this year but failed, according to a person familiar with the incident at the bank.

Much about the attacks on these institutions remains unclear, including the motives of the hackers and whether any of the attacks were successful. Some of the methods used to communicate with malicious software inside the firms’ computers were the same as those deployed by the group that attacked JPMorgan, the person said. At the time the JPMorgan attack was reported, people close to the case said other financial institutions had been targeted. No additional names surfaced, and JPMorgan only recently disclosed the scope of the attack, since disclosure isn’t required if customer-account information isn’t stolen.

There are conflicting accounts of whether the computer systems at the targeted companies were actually breached. Thayer Fox, a spokesman for E*Trade, declined to comment.

Citigroup’s Defenses

Janis Tarter, a spokeswoman for New York-based Citigroup, didn’t immediately respond to requests for comment.

“Regions consistently monitors for any unusual activity. At this point, we have no evidence of any breach,” said Jeremy King, a spokesman for Birmingham, Alabama-based Regions.

“Although ADP threat management experts observed Internet-based traffic from those criminals allegedly reported to have recently attacked JPMC, we have not observed any issues associated with such scanning of our defenses,” ADP said in a statement.

Some investigators on the JPMorgan case have pointed to evidence the hackers are working from Russia. JPMorgan has told consultants working with the bank that they saw signs the Russian government had a hand in the attack, which resulted in loss of customer information from 76 million households and 7 million small businesses.

Internet Protocol

The Wall Street Journal previously reported the identities of the other companies that were attacked.

After it was breached, JPMorgan, with the help of the Financial Services Information and Analysis Center, known as FS-ISAC, circulated data that would help other companies assess whether they had also been attacked. That data included Internet protocol addresses linked to servers that the hackers used to communicate with the bank’s computers and extract data. It also included information about malware taken from the bank’s network.

Citigroup, E*Trade, ADP and Regions used the data to determine that they had been attacked by the same group, the person said.

(Corrects headline to show Citigroup’s computers weren’t penetrated, timing of attack in second paragraph, spokesman’s comment in fourth.)