NEW YORK (The Street) --- If you bank with JPMorgan Chase (JPM), buy insurance from Anthem Blue Cross (ANTM) or filed a tax return, you may have already been affected by a cyber-attack. And there's more bad news: Regulators are concerned the worst is yet to come.
A "cyber 9/11," as New York Financial Services Superintendent Benjamin Lawsky called it, is a threat banks and financial institutions must take seriously, constantly upgrading security measures to prevent, detect and shut down hacker intrusions, the Securities and Exchange Commission and the Financial Stability Oversight Council said in recent reports.
"Recent cyber attacks have heightened concerns about the potential of an even more destructive incident that could significantly disrupt the workings of the financial system," the Financial Stability Oversight Council warned in its annual report in May. "Financial sector organizations should be prepared to mitigate the threat."
The threat, writ large, is a "disruptive series of attacks that would damage our financial and energy infrastructure," said Mary Jane Wilson-Bilik, a partner in the Washington, D.C., office of Sutherland Asbill & Brennan. "The constant data attacks undermine the reputation of key corporations, the enterprise's value and one's sense of security."
Among the most recent attacks was a breach of computer systems at the U.S. Office of Personnel Management, which may have compromised personal identity information for as many as 4 million current and former federal employees, the agency said. Its leaders are working with both the FBI and the U.S. Department of Homeland Security.
"The sophistication and intelligence of cyber attackers is not be underestimated," said Wilson-Bilik, who cited FBI Director James Comey's description of an "an evil layercake of bad actors, with terrorist groups and hostile nations on the top, followed by criminal gangs and individual bad guys at the bottom."
Both sovereign national and independent actors have been implicated in recent cyber-attacks: Widely publicized data breaches at Sony (SNE) were followed in 2015 by attacks on healthcare companies Community Health Systems (CYH), Anthem (ANTM) and Premera Blue Cross.
A cyber-attack at JPMorgan last year exposed customer contact information including e-mails, names and addresses for about 76 million households and 7 million small businesses, the New York-based bank said in a regulatory filing in October. Information, such as account numbers, passwords and dates of birth, appeared to have been uncompromised, JPMorgan said. A bank spokesperson declined to comment further.