Your credit card data may not be safe anywhere anymore. Yesterday, it was revealed that banking giant JPMorgan Chase was the victim of a massive security breach that compromised as many as 76 million household accounts and 7 million small business accounts. If the numbers hold, the compromise is one of the largest in U.S. history.
According to the New York Times, the hack first began sometime in June 2014 and went unnoticed until July. The bank only believed one million accounts to be affected at the time. It wasn’t until “just a few weeks ago,” the Times says, that JPMorgan Chase realized the full extent of the breach.
Customer names, addresses, phone numbers and e-mail addresses were among the data taken by the thieves. Other information about the types of accounts customers’ hold was taken as well. But says JPMorgan Chase, “there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.” There are no reports of thieves using the stolen data to commit fraud.
What makes this hack truly scary, however, isn’t the extent of data that the hackers accessed. It’s the fact that the bad guys were able to obtain “the highest level of administrative privilege” on the company’s servers. After all, as a bank, JPMorgan Chase employs a far greater level of security than previous retail hacking victims Home Depot and Target. If your data isn't safe there, it isn't safe anywhere.
What you can do
Hackers may not have taken customer account credentials, but given the nature of the attack and the sensitivity of your financial data, you should take a moment to create new, strong passwords for all your JPMorgan Chase accounts. Also be sure to keep a close eye on your banking statements and credit reports for unauthorized charges over the coming months. Report any fraudulent activity to the bank immediately.
Given the nature of the data taken, it seems likely that it will eventually be used for highly targeted phishing attacks against JPMorgan Chase customers. Be incredibly cautious of emails claiming to be from the bank, especially those that request you click a link or download a file. Type links into the address bar of your browser manually instead.
[Credit card phishing via Shutterstock]