J.P. Morgan is a leader in financial services, offering solutions to clients in more than 100 countries with one of the most comprehensive global product platforms available. We have been helping our clients to do business and manage their wealth for more than 200 years. Our business has been built upon our core principle of putting our clients' interests first. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a global financial services firm. Social Media Terms and Conditions: https://bit.ly/JPMCSocialTerms © 2017 JPMorgan Chase & Co. JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.

J.P. Morgan A.I CyberSecurity Scoring

J.P. Morgan

Company Details

  • LinkedIn ID: jpmorgan
  • Employees number: 82,484
  • Number of followers: 5,796,290
  • NAICS: 52
  • Industry Type: Financial Services
  • Homepage: jpmorgan.com
  • IP Addresses: Scan still pending
  • Company ID: J.P_1929778
  • Scan Status: In-progress

J.P. Morgan Risk Score (AI oriented)

Between 800 and 849

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

J.P. Morgan Global Score (TPRM)

XXXX


J.P. Morgan

  • Current Score: 810, A (Good)
  • 2 incidents
  • -11.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

APRIL 2026: 810

MARCH 2026: 819
Cyber Attack
12 Mar 2026 • Nylas, Outpost24, Cisco and JP Morgan: Security Firm Executive Targeted in Sophisticated Phishing Attack
Sophisticated Phishing Attack Targets Outpost24 C-Level Executive Using Kratos Kit

A high-profile phishing attack targeted a C-level executive at Outpost24, a Swedish exposure management and identity security firm, leveraging the recently identified **Kratos phishing-as-a-service (PhaaS) kit**. The attack, analyzed by Outpost24’s subsidiary **Specops Software**, employed a **seven-step chain** of redirects through trusted services to evade detection and trick the victim.

The phishing email, disguised as a legitimate message from **JP Morgan**, appeared as part of an existing email thread to enhance credibility. It included **two DKIM signatures** to bypass **DMARC authentication**, making it appear trustworthy.

The malicious link initially pointed to **Cisco’s secure-web.cisco.com**, a legitimate domain used for URL rewriting, which passed Cisco’s **Secure Email Gateway** validation. From there, the attack redirected through **Nylas**, an email API platform, before funneling the victim to a **subdomain of a legitimate Indian development company**. The final redirect led to a **repurposed domain** originally registered in 2017 by a Chinese entity, which had been **reacquired on March 12**, just days after its TLS certificate expired, suggesting deliberate repurposing for the campaign.

The last stage of the attack used **Cloudflare-protected infrastructure** to conceal the origin server, serving a **browser validation check** to evade security analysis. The victim was then presented with a **convincing Microsoft 365 phishing page**, complete with a fake Outlook loading animation and real-time credential validation to ensure stolen logins were functional.

While **Specops did not attribute the attack to a specific threat actor**, the tactics align with those of **Iran-linked groups** recently targeting U.S. entities. However, similar techniques have been observed across multiple hacking collectives, leaving attribution uncertain.

The incident underscores the growing sophistication of phishing campaigns, particularly those leveraging **trusted infrastructure** to bypass security controls.

808
low -11
NYLJPMOUTOUT1773678705
Phishing
Email
DMARC authentication bypass, trusted infrastructure abuse
  • Data Compromised: Credentials (Microsoft 365)
  • Identity Theft Risk: High
  • Third Party Assistance: Specops Software (Outpost24 subsidiary)
  • Type Of Data Compromised: Credentials
  • Sensitivity Of Data: High (Microsoft 365 logins)
  • Entry Point: Phishing email (JP Morgan-themed)
  • High Value Targets: C-level executive
  • Root Causes: Abuse of trusted infrastructure (Cisco Secure Email Gateway, Nylas, Cloudflare), DMARC bypass, repurposed domain
  • FEBRUARY 2026: 819
  • JANUARY 2026: 818
  • DECEMBER 2025: 818
  • NOVEMBER 2025: 818
  • OCTOBER 2025: 817
  • SEPTEMBER 2025: 817
  • AUGUST 2025: 817
  • JULY 2025: 817
  • JUNE 2025: 816
  • MAY 2025: 816

AUGUST 2021: 830
Breach
01 Aug 2021 • J.P. Morgan
J.P. Morgan Data Breach Due to Software Issue (2024)

On April 18, 2024, the Vermont Office of the Attorney General disclosed a data breach at J.P. Morgan, stemming from a software vulnerability discovered on February 26, 2024. The incident exposed sensitive personal and financial information of an unspecified number of individuals, including names, addresses, Social Security numbers, and bank account details. The breach posed a severe risk of identity theft, financial fraud, and unauthorized access to customer accounts, given the highly confidential nature of the compromised data. While the exact scale of the breach remains undisclosed, the exposure of such critical information—particularly Social Security numbers and banking details—heightens the potential for long-term reputational damage, regulatory scrutiny, and legal repercussions for the financial institution. The incident underscores vulnerabilities in J.P. Morgan’s digital infrastructure, raising concerns about the adequacy of its cybersecurity measures in safeguarding customer data against exploitation by malicious actors.

795
critical -35
JPM004091825
Data Breach
Software Issue
  • names, addresses, Social Security numbers, bank account details
  • Identity Theft Risk: Potential
  • Payment Information Risk: Potential
  • Personal Information, Financial Information
  • Number Of Records Exposed: Unknown
  • Sensitivity Of Data: High
  • names, addresses, Social Security numbers
Vermont Office of the Attorney General
Root Causes: Software Issue

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for J.P. Morgan is 810, which corresponds to a Good rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2026 was 819.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 819.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 818.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 818.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 818.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 817.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 817.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 817.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 817.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 816.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 816.

Over the past 12 months, the average per-incident point impact on J.P. Morgan’s A.I Rankiteo Cyber Score has been -11.0 points.

You can access J.P. Morgan’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/jpmorgan.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view J.P. Morgan’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/jpmorgan.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.