The FBI is investigating a suspected Russian cyber attack on a number of American banks.
Hackers are believed to have targeted JP Morgan and at least four other banks in the US, amid increasing concern over cyber security from watchdogs on both sides of the Atlantic.
The attack on JP Morgan reportedly resulted in the loss of “gigabytes of sensitive data” that could have involved customer and employee information. It is said to have been of a level of sophistication beyond ordinary criminals, leading to speculation of a state link.
The FBI is thought to be investigating whether there is a connection to Russia. American-Russian relations continue to be fraught amid the crisis in Ukraine, with sanctions ramped up.
The bank is understood to have been in touch with executives in London to see if there is any link to its UK operations, but so far the attack, which happened earlier this month, is thought to have affected only the US.
But watchdogs are increasingly worried about the City’s potential vulnerability to an aggressive state-backed hack.
A spokesman for JP Morgan would not comment directly on the incident but said: “Companies of our size unfortunately experience cyber attacks nearly every day.
“We have multiple layers of defence to counteract any threats and constantly monitor fraud levels.”
JP faced criticism in April when it blocked a payment from a Russian embassy to the affiliate of an American-sanctioned bank. Russia’s foreign ministry described the move as “absolutely unacceptable, illegal and absurd”.
That led to speculation that the bank would face some form of retaliatory action. However, China has also been implicated in such data-fishing expeditions against Western businesses.
UK watchdogs say sophisticated hackers have changed tack recently, using publicly available information and a more pinpoint approach to find a way through or around banks’ security walls. The tactic has also affected European banks.
This year the Bank of England finished its second City-wide “Waking Shark” simulation, designed to test the ability of banks to cope with a cyber assault.
From that it developed what is known as the CBEST framework, which tries to mimic the effects of more sophisticated hacking. It uses intelligence in the market to get inside defences and employs so-called ethical hackers to test the City’s defences.