Last July, hackers made it into JP Morgan Chase’s customer account database. In a recent filing with the Securities and Exchange Commission, the company disclosed the extent of the breach. It reported that the hackers had access to 76 million household accounts and seven million small business accounts.
That makes the attack one of the largest breaches so far. While hackers did gain access to those customers’ names, addresses, phone numbers and email addresses, JP Morgan Chase reported, “there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth, or Social Security numbers – was compromised during the attack.”
The other good news is that so far no money appears to have been taken from any of those accounts, and no suspicious activity has been observed.
The bad news could be that hackers used this attack as a step in another plan yet to be revealed. A security expert told USA Today, “Persistence like that, with no stolen money, is due to a future planned operation – or that the objective was to identify data that was material in some other aspect.”
The fact that criminals managed to gain access to such a large bank’s computers – thought to have the best security available – is disturbing. One security expert, John Gunn of Chicago’s Vasco Data Security International, described JP Morgan Chase as “one of the most secure organizations on this planet.”
Sources involved with the investigation told the New York Times said that hackers were able to get to the highest level of administrative privilege on more than 90 of the bank’s servers. With this access, if they’d wanted to, they could have transferred funds or closed accounts.
Even though no money has yet been taken, customers of JP Morgan Chase should continue to monitor their statements. Customers should also be alert to other scammers who might take advantage of the situation by calling or emailing to “warn” you of suspicious activity on your account and ask you to verify account or personal information. Ignore any emails and if someone calls you claiming to be from the bank, you can thank them and hang up. You have no way to verify that an incoming call is actually from your bank – but you can call back to the number directly on your card or account to confirm whether there is any problem.