JPMorgan Chase, one of the biggest banks in America, confirmed a massive cyber attack which affected 76 million households and seven small businesses on Thursday, October 2, 2014. Although there have been numerous data breaches at major retailers in the recent past — including the one last month at Home Depot (56 million credit card numbers were stolen) — the Chase cyber attack is significant because it’s the biggest breach at a bank.
According to the Data Breach Category Summary by the Identity Theft Resource Center, the total number of records exposed between 2005 to 2014 totaled at 641,037,690 as of September 18, 2014. Within the data, only 13.2 percent of it has been records compromised in the banking/credit/financial category, while the majority — 55.6 percent of the total records exposed — was in the business category.
This Chase data breach stands on a scale of its own, as hackers were able to access the internal workings of a bank’s computer systems.
The good news is that the relatively small number of exposed information may be a result of the added investment and attention that banks have made in order to protect its customers against this type of attack. The bad news is, hackers are able to obtain personal information much quicker than banks can come up with protective measures.
Customers should be concerned because their information is potentially at risk, whereas data stolen through a retailer usually just means a person’s credit card information was compromised. A person’s bank account information being stolen is a much scarier thought — credit card numbers can always be easily replaced.
What information was stolen?
It was confirmed that the customers’ contact information was compromised. This includes names, addresses, phone numbers and email addresses. You can rest assured as hackers have no way of getting to your account with this basic information. Contact information is simply what Chase uses to communicate with customers, and is in no way used as a verification process.
Chase has confirmed in its regulatory filing on Thursday that there was no evidence of any of the following financial information being compromised: account numbers, passwords, date of birth, user IDs and Social Security numbers.
What you should do?
We contacted Chase and asked if there was anything customers should do at this point. Chase said they were looking closely into this matter and customers will not liable for any unauthorized charges.
The only thing they ask is that you promptly alert them if you notice any unauthorized transactions on your account. Note that any unauthorized transactions you report after 60 days of it happening makes it harder to dispute.
Although Chase has not publicly advised their customers to change their passwords or account information, as a precautionary measure, it may not be a bad idea to change your password.
If you want to be extra careful, it would be a good idea to get a replacement debit card with a new number.
If your information has been compromised
If Chase determines your account to be at risk, they will freeze your account. They will first try contacting you through your phone number and email address, and send you a letter.
The letter will contain details on what happened and what number you should call.
Watch out for phishing
Since hackers gained access to customer contact information, it is highly likely they will use it for something called phishing. For this reason, all customers should be extra careful if and when they receive an email or phone call from Chase. Make sure it’s a real email or representative calling you.
If you receive a call asking you for your information, Chase is asking that you disregard the phone call and report it to them right away. The best way to prevent becoming a victim is by calling Chase directly using the number on the back of your debit or credit card.
The Chase customer service representative we spoke to confirmed that this type of phishing has been reported from customers.
Contacts through your email are also vulnerable, as hackers now have your email addresses. Never click on links asking you log in or provide any information. If you receive a questionable email, forward it to email@example.com.
As the world becomes more digitally connected, cybercriminals are becoming more clever. They are able to attack the databases of large corporations, including retailers and banks, from anywhere in the world. The Chase hackers were thought to be located outside of the U.S.
The stream of intrusions began in June but wasn’t discovered until July. The Chase data breach was originally thought to have targeted about 1 million people — unfortunately, 70 million have been affected.
The good news is, unlike recent attacks that we’ve seen at major retailers, Chase has detected no unusual or fraudulent activities related to this massive cyber attack.