JP Morgan Chase confirmed that the information from 76 million households and 7 million businesses was compromised after a cyberattack over the summer.
The largest bank in the US first announced the massive attack back in July, but only exposed the scale of the attack Thursday in an 8-K filing with the Securities and Exchange Commission.
The breach was one of the largest ever reported from a corporation. According to The New York Times, cybercriminals gained “the highest level of administrative privilege” on 90+ Chase servers.
Although the company said there has not been “any unusual customer fraud related to this incident,” the filing revealed the hackers gained access to names, addresses, email addresses, phone numbers and the ominously noted “internal JPMorgan Chase information.” The bank said there has been no sign that account numbers, passwords, usernames, Social Security numbers or birthdays were stolen.
Essentially, by taking root on the bank’s servers, the attackers could do anything they wanted—transfer funds, close accounts, etc. Some experts suspect that the persistence of the attackers, without stealing any money, is a warning that there is a very severe impending attack.
To quell customers’ concerns, Chase has published an FAQ page that includes information on who was affected, what was stolen, what was untouched and more, noting that the attack has been stopped and they “have no evidence that the attackers are still in [their] system.”
The page warned customers of phishing attacks, which followed the last major JP Morgan Chase breach and affected numerous victims. Since emails and telephone numbers were both released to the hackers, patrons should be extra cautious of communication disguised to be from Chase when really it is from cybercriminals. Those who have been affected should bear in mind that is extremely unlikely that banks or any other companies are likely to ask for sensitive information via email or phone and thus be very leery of any attempts to do so.
A security breach can not only be extremely costly, but it can also destroy a company’s credibility and eliminate customers’ faith. Make sure your company’s data is safe by finding the right information security professionals through Tiro Security, a leading provider of information security jobs Los Angeles.