J.P. Morgan A.I CyberSecurity Scoring
J.P. Morgan
Company Information
Website:http://www.jpmorgan.com
Employees number:82,484
Number of followers:5,796,290
NAICS:52
Industry Type:Financial Services
Homepage:jpmorgan.com
J.P. Morgan Risk Score (AI oriented)
Between 800 and 849
J.P. MorganFinancial Services
Updated:
19/06/2026
19/06/2026
811/1000
Good
A
J.P. Morgan Global Score (TPRM)
xxxx
J.P. MorganFinancial Services
Score locked

J.P. MorganGood
Current Score
811A (GOOD)
01000
2 incidents
-11 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
811
JUNE 2026
811
MAY 2026
810
APRIL 2026
810
MARCH 2026
819
Cyber Attack
12 Mar 2026 • J.P. Morgan
Nylas, Outpost24, Cisco and JP Morgan: Security Firm Executive Targeted in Sophisticated Phishing Attack
Sophisticated Phishing Attack Targets Outpost24 C-Level Executive Using Kratos Kit
808
LOW-11
NYLJPMOUTOUT1773678705
Sophisticated Phishing Attack Targets Outpost24 C-Level Executive Using Kratos Kit
A high-profile phishing attack targeted a C-level executive at Outpost24, a Swedish exposure management and identity security firm, leveraging the recently identified Kratos phishing-as-a-service (PhaaS) kit. The attack, analyzed by Outpost24’s subsidiary Specops Software, employed a seven-step chain of redirects through trusted services to evade detection and trick the victim.
The phishing email, disguised as a legitimate message from JP Morgan, appeared as part of an existing email thread to enhance credibility. It included two DKIM signatures to bypass DMARC authentication, making it appear trustworthy. The malicious link initially pointed to Cisco’s secure-web.cisco.com, a legitimate domain used for URL rewriting, which passed Cisco’s Secure Email Gateway validation.
From there, the attack redirected through Nylas, an email API platform, before funneling the victim to a subdomain of a legitimate Indian development company. The final redirect led to a repurposed domain originally registered in 2017 by a Chinese entity, which had been reacquired on March 12 just days after its TLS certificate expired suggesting deliberate repurposing for the campaign.
The last stage of the attack used Cloudflare-protected infrastructure to conceal the origin server, serving a browser validation check to evade security analysis. The victim was then presented with a convincing Microsoft 365 phishing page, complete with a fake Outlook loading animation and real-time credential validation to ensure stolen logins were functional.
While Specops did not attribute the attack to a specific threat actor, the tactics align with those of Iran-linked groups recently targeting U.S. entities. However, similar techniques have been observed across multiple hacking collectives, leaving attribution uncertain. The incident underscores the growing sophistication of phishing campaigns, particularly those leveraging trusted infrastructure to bypass security controls.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
819
JANUARY 2026
818
DECEMBER 2025
818
NOVEMBER 2025
818
OCTOBER 2025
817
SEPTEMBER 2025
817
AUGUST 2025
817
AUGUST 2021
830
Breach
01 Aug 2021 • J.P. Morgan
J.P. Morgan
J.P. Morgan Data Breach Due to Software Issue (2024)
795
CRITICAL-35
JPM004091825
On April 18, 2024, the Vermont Office of the Attorney General disclosed a data breach at J.P. Morgan, stemming from a software vulnerability discovered on February 26, 2024. The incident exposed sensitive personal and financial information of an unspecified number of individuals, including names, addresses, Social Security numbers, and bank account details. The breach posed a severe risk of identity theft, financial fraud, and unauthorized access to customer accounts, given the highly confidential nature of the compromised data. While the exact scale of the breach remains undisclosed, the exposure of such critical information—particularly Social Security numbers and banking details—heightens the potential for long-term reputational damage, regulatory scrutiny, and legal repercussions for the financial institution. The incident underscores vulnerabilities in J.P. Morgan’s digital infrastructure, raising concerns about the adequacy of its cybersecurity measures in safeguarding customer data against exploitation by malicious actors.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for J.P. Morgan ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in June 2026 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in May 2026 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in April 2026 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in March 2026 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in February 2026 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in January 2026 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in December 2025 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in November 2025 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in October 2025 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in September 2025 ??
What was J.P. Morgan's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on J.P. Morgan's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with J.P. Morgan ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view J.P. Morgan's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?