The recent co-ordinated cyber attack on JP Morgan may be more serious and much larger than first thought
JPMorgan Chase & Co has admitted that it has suffered one of the world’s largest ever data breaches.
It comes after the FBI and Secret Service announced in late August that they were investigating “co-ordinated” cyber attacks on a number of US banks, some of which were reportedly carried out by Russian hackers. JPMorgan was one of the American banks targeted.
Money Is Safe
The bank admitted on Thursday that the hackers had exposed the names, addresses, phone numbers and email addresses of the holders of some 83 million households and small business accounts. That makes it one of the biggest data breaches in history.
Despite the large numbers concerned, with the details of 76 million households and 7 million small businesses exposed, Reuters quoted the bank as saying that there was no evidence that account numbers, passwords, user IDs, birth dates or social security numbers had been stolen. The bank also apparently said it has not witnessed any “unusual customer fraud” related to the attack.
This has led JPMorgan to apparently advise its customers that they don’t need to change their passwords or account information. The Wall Street Journal said that the bank had announced that customers wouldn’t be liable for any unauthorised transactions on the account – so long as the bank is notified.
Reuters meanwhile quoted a bank spokeswoman, Patricia Wexler, as saying that the bank is not offering credit monitoring to its customers because no financial information, account data or personally identifiable information had been compromised.
But the fact that the names, address, telephone numbers and email addresses of account holders have been compromised will worry security experts, as this type of stolen information can often be used in other forms of online fraud and identity theft. For example, hackers can use the stolen email addresses to send out fake emails, directing customers to impostor websites.
The bank’s customers should be on heightened alert for fraud, Mark Rasch, a former federal cyber crimes prosecutor, was quoted by Reuters as saying. “All of this data is useful to hackers and identity thieves,” he reportedly said. “The kind of information that was stolen is not sensitive itself, but is frequently used to validate people’s identities.”
The exposure of the personal details of 83 million account holders, makes the JPMorgan breach one of the largest in recent times.
In September, Home Depot confirmed its payment systems were breached in a cyberattack that resulted in the theft of credit and debit card for 56 million account holders.
Giant US retailer Target reported lasted December that about 40 million payment card accounts had been hacked during the pre-Christmas shopping season. Later, in an update, it said that about 70 million customers had their addresses, phone numbers and other information compromised.
A few months later, the company’s CIO resigned.
Last October, Adobe Systems admitted that a security breach had a significantly wider impact that had initially been feared, with 38 million encrypted passwords stolen.
Are you a security pro? Try our quiz!