Chase Bank fends off cyber attack
Mar 14, 2013 (Herald-Times - McClatchy-Tribune Information Services via COMTEX) --
When a cyber attack brought down JPMorgan Chase & Co.'s consumer website Tuesday, the banking giant alerted local branches and moved to funnel customers to operations that were still functioning.
Chase (NYSE: JPM) is the second-largest bank in the Bloomington area by market share, with six offices and deposits of $412.7 million. The bank's Bloomington market share is 15.7 percent, according to the most recent statistics from the Federal Deposit Insurance Corp.
Its consumer banking website locked up for several hours Tuesday afternoon because of a denial-of-service, or DoS, attack. Such attacks, which are difficult to trace, paralyze sites by overwhelming them with information requests.
They are far from rare. A December 2012 survey from the Michigan-based information-security group Ponemon Institute found 64 percent of retail banks had been targeted by DoS attacks in the last year.
Chase's site was functioning again Wednesday. And Bloomington branch managers were referring requests for comment to corporate offices. Chase spokeswoman Christine Holevas said the bank informs local branches whenever it encounters an issue like a DoS attack.
"We do send out a communication to the branches," she said. "We put a message up on the site. This time it directed people to the mobile site, which was still functioning. It also encouraged people to call telephone banking."
Companies that are the victim of DoS attacks typically follow one of two strategies, according to Fred Cate, a law professor at Indiana University and director of its Center for Applied Cybersecurity Research. Some send customers to functioning points of service -- that's what Chase did. Others simply have enough server capacity that they're extremely difficult to bring down.
"Most companies don't like to talk about this very much," Cate said. "If you asked how many attacks there have been in the last year, no one, not even the federal government, knows the answer."
DoS attacks simply deny customers access, Cate said. They don't directly imperil consumer data, although many companies' security professionals check to make sure DoS attacks aren't being paired with another more nefarious assault.
"If you go after a Chase, all you're trying to do is make a statement," Cate said. "It's a little like protesting in front of a bank. You're not going to shut the bank down. The stock price isn't going to be affected."
Those who use Chase's online banking services likely don't need to fear for the security of their personal data, because banks guard that information closely, Cate added.
But he recommended double-checking to make sure that any banking interrupted by the DoS attack has been completed.
"I'd say from the consumer point of view, there's probably no reason to be worried," Cate said. "If I had been trying to get online yesterday, I would be going back to make sure whatever I was doing was finished correctly."
___ (c)2013 the Herald-Times (Bloomington, Ind.) Visit the Herald-Times
(Bloomington, Ind.) at www.heraldtimesonline.com Distributed by MCT Information
[ InfoTech Spotlight's Homepage ]