NEW YORK - Several US financial institutions were targeted by the same computer hackers who breached the systems of JPMorgan Chase earlier this year, sources familiar with the matter said Wednesday.
While the location of the hackers was not clear, the sources told AFP that numerous intrusion attempts were made at computer systems at major banks and other institutions.
The disclosures confirm earlier comments from US officials who have said that computer systems of US banks had been under attack from hackers, and that these systems could be considered part of the nation's "critical infrastructure." Among the targets in the attacks were Citigroup, Regions Financial Corp, the payroll firm ADP and the online brokerage firm E-Trade, according to the sources.
One source said that Citi was aware of the attacks but that the hackers failed to gain access to the banking group's database.
The New York Times reported meanwhile that President Barack Obama and his national security advisers were briefed on the attacks and that officials considered the hypothesis that the source was from Russia, possibly in retaliation for US sanctions over Ukraine.
Regions, a southern-based regional banking group, noticed unusual activity but did not believe any customer data was compromised, a source familiar with the matter said.
ADP said meanwhile its defences appeared to hold.
"Although ADP threat management experts observed Internet-based traffic from those criminals allegedly reported to have recently attacked JPMC, we have not observed any issues associated with such scanning of our defences," a spokesman said in a statement.
"We will continue to utilize the information provided by members of the cyber intelligence community with regards to the recent JPMC event and will update our cyber defences as necessary." JPMorgan Chase said last week that information, including names and addresses for 76 million household customers and seven million businesses, was compromised in a data breach earlier this year.
But the largest US bank said there was no evidence that critical account information such as account numbers, user identities or social security numbers were stolen by the hackers.