The agents found little evidence of a broader attack. What they did find were systematic security failures riddling some of the most important U.S. financial institutions. It turned out that many on the list were vulnerable to the same attack that struck Nasdaq. They were spared only because the hackers hadn't bothered to try.
Multiple entities had unrestricted access to the Nasdaq's networks for up to three months. Four years later, we don't have a clear picture on what they did or why, and we have more proof that the places we assume are secure are in fact not very.