[jewel]

A business like JPMorgan will have a large number of systems, with different segments of their data copied around, synchronized (sometimes poorly), partial data dumps to the marketing department, etc. I imagine that the systems containing sensitive data were better protected than the ones that are known to be compromised, with no known vector of attack from the compromised system to the one containing the information.

For example, at a small financial institution where I worked we had a mainframe doing the important financial calculations, and then we had a bunch more data in MySQL for doing reporting and analysis.