JPMorgan Chase, the largest banking institution in the U.S., revealed that 76 million household accounts and 7 million small business accounts were compromised in a recent cyberattack - an attack that was previously disclosed, but was much larger than first thought.
Attackers obtained names, addresses, phone numbers, and email addresses, but not more sensitive data such as account numbers, passwords, user IDs, dates of birth, or Social Security numbers, according to the bank. In fact, the bank is telling customers it sees no reason for them to worry about changing their passwords.
Chase tells customers in a message:
We want to update you further on the cyber attack against our company. After extensive review, here is what our forensic investigation has found to date:
Here's what you should know:
- There is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised during this attack.
- However, your contact information - name, address, phone number, and email address - was compromised.
Your money at JPMorgan Chase is safe:
- Unlike recent attacks on retailers, we have seen no unusual fraud activity related to this incident.
- Importantly, you are not liable for any unauthorized transaction on your account that you promptly alert us to.
We are very sorry that this happened and for any uncertainty this may cause you. We don't believe that you need to change your password or account information. Scroll down for answers to questions you might have. As always, we recommend you use care with your accounts and information, as we describe in our Security Center.
We're here to help
Attacks like these are frustrating. There are always lessons to be learned, and we will learn from this one and use that knowledge to make our defenses even stronger.
The New York Times reports:
The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan’s computers — a road map of sorts — which they could crosscheck with known vulnerabilities in each program and web application, in search of an entry point back into the bank’s systems, according to several people with knowledge of the results of the bank’s forensics investigation, all of whom spoke on the condition of anonymity.
The attackers reportedly operated from overseas.
The bank says customers were affected if they used Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile. It says that because no financial or account data was compromised, it's not necessary to get credit/identity theft monitoring.
The attack's access paths have been closed, it says.