By Emily Glazer And Robin Sidel 

J.P. Morgan Chase & Co. said Thursday it wasn't seeing "unusual fraud" and it was working closely with law enforcement to determine the scope of a computer-hacking attack.

The comments came a day after the Federal Bureau of Investigation said it said it was "working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions."

The investigation is focused on J.P. Morgan and as many as four other banks, in what people familiar with the probe described as a significant breach of corporate computer security.

On Thursday, the largest U.S. bank by assets said it was taking additional steps to safeguard sensitive or confidential information and would contact relevant parties as it learns more about who may have been affected. It said customers should contact the bank if any suspicious activity on their accounts is detected and that they would be protected against losses from fraud.

Separately Thursday, Bank of America Corp. isn't seeing any indication that it has been the victim of a cyber attack, according to a spokesman. "There is not any indication that we have been a target of this activity that has been reported," said spokesman Dan Frahm.

A group of banks including Wells Fargo & Co. and Bank of New York Mellon Corp. Thursday said that they didn't have any indication of a cyber attack.

PNC Financial Services Group also said it "has no information to indicate that we have been impacted by this threat."

A spokesman for U.S. Bancorp said, "We are aware of the matter and monitoring it closely and at this time we have no indication that U.S. Bank systems or networks have been impacted by this event."

A spokeswoman for SunTrust Banks said the bank hasn't been impacted by the hacking.

The Wall Street Journal, citing people familiar with the situation, reported on Wednesday that the Federal Bureau of Investigation is probing a computer hacking at J.P. Morgan Chase & Co. that also may have hit a number of other banks.

Cybersecurity experts began investigating the possible J.P. Morgan breach earlier this month, according to people familiar with the investigation.

Those people said that evidence had suggested hackers were able to make a significant foray into J.P. Morgan's computer system. People with knowledge of the probe said it appeared that between two and five U.S. financial institutions may have been affected. The names of all targeted banks couldn't be immediately determined.

The attack appears to have been caused by malicious computer code, known as malware, according to a person familiar with the matter.

The style of the attacks and the targets--large U.S. financial institutions--have led some people briefed on the investigation to suspect a possible Russian or Eastern European link. Russian organized crime often targets large financial institutions. But several people with knowledge of the investigation cautioned that it was too early to tell who was behind the attacks.

Thefts of U.S. corporate data have in the past often come from hackers based in China, Russia or the former Soviet Union, although that doesn't mean the cyberattacks involve those governments. Hackers can act on their own and sell stolen data to other organizations.

Hackers appear to have originally breached J.P. Morgan's network via an employee's personal computer, a person close to the investigation said. From there, the intruders were able to move further into the bank's inner systems. Employees often use software to tap in to corporate networks from home through what are known as virtual private networks.

Such an attack would mark the latest instance in which a large corporate network was breached by a weak external link. When hackers stole 40 million payment-card numbers from Target Corp. last year, they originally infiltrated the retailer by stealing a ventilation contractor's password.

In mid-August, cybercriminals hacked in to nearly 1,000 grocery stores around the U.S. The common link: Supervalu Inc. of Eden Prairie, Minn., which managed the stores' technology services and had remote access to those locations, people familiar with that case have said.

In recent weeks, J.P. Morgan called numerous security vendors with concerns it had a problem, people close to the investigation said. The bank in recent months hired a number of employees with Defense Department experience because the firm treats cybersecurity as a problem akin to military security, people familiar with the matter said.

Cybersecurity has been a chief concern--and cost--for large banks over the past few years.

J.P. Morgan, along with other banks, has been vulnerable to attacks in the past, particularly so-called distributed denial of service threats, known as DDoS. These attacks knock websites offline by flooding them with useless traffic. Iranian hackers aimed a DDoS attack at J.P. Morgan, U.S. Bancorp, PNC Financial Services Corp. and Wells Fargo & Co. in 2012, according to U.S. officials.

Write to Emily Glazer at emily.glazer@wsj.com and Robin Sidel at robin.sidel@wsj.com

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

Bank of America (NYSE:BAC)
Historical Stock Chart
From Feb 2024 to Mar 2024 Click Here for more Bank of America Charts.
Bank of America (NYSE:BAC)
Historical Stock Chart
From Mar 2023 to Mar 2024 Click Here for more Bank of America Charts.