JPMorgan hackers stole data from 76 million households


Stay safe out there.

JPMorgan Chase, the largest bank in the United States, was hit by a cyberattack this summer that compromised accounts belonging to 76 million households and 7 million small businesses. Accounts from both the firm’s websites and its mobile app are affected, and the hackers appear to have been operating from overseas. The New York Times narrowed the possible origin point to Southern Europe, possibly Italy.

These numbers rise far above the bank’s previous estimates of 1 million accounts breached.

The attack, carried out from June to July, rivals in size the most headline-grabbing breaches of the last year, including those at Target and Home Depot. However, the JPMorgan breach has the potential to be much more damaging because, as a bank, it possesses far more sensitive data than the retailers that were breached this year.

The stolen data, an unnamed source briefed on the matter told Bloomberg, includes user names, phone numbers, addresses, and email addresses. Identifying information “such as whether they’re clients of the mortgage, auto, credit-card or private-bank divisions” was also exposed.

Account numbers, passwords, usernames, dates of birth, and Social Security numbers do not appear to have been taken, according to JPMorgan. Moreover, bank officials say that they’ve seen no fraud activity related to this event.

Regardless, customers should be wary of phishing scams. The hackers now possess detailed contact information, which they can use in phishing scams, where criminals contact people by email, phone, or even regular mail in attempts to compromise further information. Be extra vigilant against suspicious emails, links, and any other contact from unknown senders that seems out of the ordinary.

Although JPMorgan says that changing usernames, passwords, or cards, or signing up for identity and credit monitoring, isn’t necessary, customers should report any suspicious transactions or activity to the bank when they see it.

The bank, which spends $250 million on digital security annually, according to The New York Times, has reportedly been losing security staff to competing banks.

Making the situation potentially more complex, the hackers went after more than just customer data. They downloaded a full list of applications that run on the bank’s systems, meaning they may know which vulnerabilities will be of most use to gain entry again, Bloomberg reports.

In the wake of so many high-profile breaches against major businesses, JPMorgan Chase chairman Jamie Dimon ominously called the battle against cyberattacks “continual and likely never-ending.”

H/T Bloomberg | Photo John Picken (CC BY 2.0)

Patrick Howell O'Neill


Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.