A week after news reports first surfaced about a suspected cyber-attack against U.S. banking giant JPMorgan Chase & Co., the bank has yet to confirm whether hackers did, indeed, breach its network (see FBI Probes JPMorgan, Other Bank Attacks).

So far, Chase has only said that it's investigating the possibility of an attack, and that it has multiple layers of defenses in place to monitor for fraudulent activity that would indicate a breach.

But Al Pascual, director of fraud and security for consultancy Javelin Strategy & Research, says continued speculation about the yet-to-be-confirmed breach could hurt the bank's reputation.

"My concern here is that even alluding to the idea [of an attack or breach] could have a serious effect on the confidence that consumers and businesses have in some of our largest institutions," he says. "This is as much an attack on the integrity of our institutions as it is on the public's trust in them."

Pascual likens the allegations about a cyber-attack against Chase to the distributed-denial-of-service attacks that targeted leading U.S. banks in 2012 and 2013. Those attacks were waged to breed fear, not perpetrate fraud, he says.

Making allegations about an attack against the biggest U.S. bank can "create an environment of fear around one of the cornerstones of our national strength," Pascual says.

What's Been Reported

On Aug. 27, Bloomberg reported that Russian hackers in mid-August had attacked Chase and at least one other U.S. banking institution (see Report: Russians Hack JPMorgan Chase).

The Financial Services Information Sharing and Analysis Center on Aug. 28 responded, saying it had seen no evidence to suggest a "significant" cyber-attack had been waged against Chase or any other U.S. bank.

Also on Aug. 28, leading banks, including Bank of America, Bank of New York Mellon, PNC Financial Services Group, State Street, SunTrust Banks, U.S. Bancorp and Wells Fargo, told The Wall Street Journal they had seen no indications that their networks had been intruded.

Then, on Sept. 4, Bloomberg reported that unnamed sources close to the investigation claimed cybercriminals had turned compromised computers from throughout the world into command-and-control centers that were used to attack Chase's network. And on Sept. 5, Bloomberg posted a follow-up story, noting that Chase may have been more susceptible to an attack because of recent shifts in leadership among its IT and security leadership.

"The FS-ISAC will not speculate on media reporting alleged compromises of institutions within the member community," FS-ISAC president and CEO Bill Nelson says in a statement provided to Information Security Media Group. "The media has so far not presented any concrete evidence of any significant cyber-activity impacting the sector, and therefore any attribution is speculative with no supporting foundation that has been presented for review. The global FSISAC membership sees continuous cyberthreat activity from a wide variety of adversaries. So, the claims of some security vendors and consultants drawing allusions to specific geopolitical events would seem, at the least, self-serving, from a business perspective, when they are attempting to sell their products and services to these same firms."

Silence Raises Questions

The fact that Chase has not come out to definitively say that it has not been attacked does raise questions, says financial fraud expert Shirley Inscoe, an analyst at the consultancy Aite.