By Danny Yadron and Emily Glazer
J.P. Morgan Chase & Co. may not have discovered the breach
in its computer systems as quickly this past summer if it hadn't
gone looking for trouble elsewhere, people briefed on the
investigation said.
The bank learned hackers stole contact data for 76 million
households and 7 million small businesses because the intruders had
used some of the same servers to hack both the bank and a corporate
charity race website, whose breach was discovered first.
The previously unreported account of the incident shows that
J.P. Morgan was both ahead of the curve and behind it while
investigating its massive data breach. On the one hand, the bank's
investigators discovered the incident on their own by looking
outside their sprawling network. On the other, the hackers were in
the bank's network for months undetected.
In early August, a security vendor announced he had located a
massive trove of email addresses and passwords that hackers had
amassed from thousands of websites over the years. Buried in that
cache: an indication the hackers hit the website for the J.P.
Morgan Chase Corporate Challenge, a series of charity running
races, people briefed on the investigation said.
J.P. Morgan and its security vendors discovered the cache
included user information for several participants in the Corporate
Challenge, which is managed by an outside vendor and isn't
connected to the bank's network.
Investigators linked that breach back to several overseas I.P.
addresses. They queried J.P. Morgan's own network logs to see if
there had been any communication with these addresses.
They found the servers had also been communicating with the
bank's network.
The bank began to realize hackers had been in its system since
at least June. They ultimately linked the attack to 11 I.P.
addresses that were distributed anonymously to other banks in
mid-August. Those I.P. addresses, viewed by The Wall Street
Journal, link back mostly to eastern Europe, including Russia.
Other addresses could be linked to Egypt and Brazil, according to a
search of public Internet records.
The Federal Bureau of Investigation, which is leading the probe,
didn't immediately respond to a request for comment.
The investigation has been hampered, the people said, because
hackers deleted many of the log files that tracked their movements
through the bank's network.
Devlin Barrett contributed to this article.
Write to Danny Yadron at danny.yadron@wsj.com and Emily Glazer
at emily.glazer@wsj.com