Investigators believe that the hackers who broke into J.P. Morgan Chase & Co. targeted at least 12 other financial-services companies, including Fidelity Investments, people familiar with the matter said, suggesting the cyberattack spree on Wall Street was broader than previously thought.
Investigators also believe that the hackers successfully took data from at least one organization other than J.P. Morgan, the person said.
Other institutions saw traffic from Internet addresses linked to the intruders but blocked their efforts or lost no data, the person said.
Citigroup Inc., E*Trade Financial Corp., HSBC Holdings PLC, Regions Financial Corp. and Automatic Data Processing Inc. saw intrusion attempts from the suspected hackers, though no data were believed to have been taken, people familiar with the matter have said.
It isn’t clear if incidents at some of those firms, including HSBC, Regions Financial, ADP and Citigroup, are related to the data breach at J.P. Morgan, which lost data on 76 million households and seven million small businesses, people briefed on the investigation said.
The Wall Street Journal reported Monday that hackers who targeted J.P. Morgan’s computer network also tried to infiltrate a number of other financial institutions, but the names of the firms hadn’t been disclosed previously.