- Guy who said he stole drugs from MS-13 now says viral story is fake 5 Years Ago
- Financial service company left 885 million private records exposed online Today 3:13 PM
- Sasha Obama went to prom and Twitter is delighted with the photos Today 2:22 PM
- Jon Voight says Trump is the greatest president since Lincoln in Twitter videos Today 1:31 PM
- #DeleteFacebook gains momentum after the platform refused to remove doctored Nancy Pelosi videos Today 11:58 AM
- ‘Game of Thrones’ failed women—and it’s a shame on its legacy Today 7:40 AM
- How to use Tor, the network that lets you browse the web anonymously Today 7:30 AM
- How to live stream Devin Haney vs. Antonio Moran on DAZN Today 7:00 AM
- Trump’s transphobic policies are disgusting—but they aren’t new Today 6:30 AM
- How to watch the Copa del Rey Final online for free Today 5:45 AM
- How to watch the DFB-Pokal final for free Today 5:30 AM
- Curvy Wife Guy drops music video for rap song ‘Chubby Sexy’ Friday 7:33 PM
- A ‘Black Mirror’-inspired miniseries is coming to YouTube via Netflix Latin America Friday 5:56 PM
- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Friday 3:27 PM
- QAnon believers link small-town arrest to deep state conspiracy without evidence Friday 1:58 PM
Stay safe out there.
JPMorgan Chase, the largest bank in the United States, was hit by a cyberattack this summer that compromised accounts belonging to 76 million households and 7 million small businesses. Accounts from the firm’s websites and mobile app are both affected by hackers who appear to have been operating from overseas. The New York Times narrowed the possible origin point to Southern Europe, possibly Italy.
These numbers rise far above the bank’s previous estimates of 1 million accounts breached.
The attack, carried out from June to July, rivals in size the most headline-grabbing breaches of the last year including at Target and Home Depot. However, the JPMorgan breach has the potential to be much more damaging because, as a bank, it possesses far more sensitive data than the retailers that were breached this year.
The stolen data, an unnamed source briefed on the matter told Bloomberg, includes user names, phone numbers, addresses, and email addresses. And the identifying information “such as whether they’re clients of the mortgage, auto, credit-card or private-bank divisions” were also exposed.
Account numbers, passwords, usernames, dates of birth, and Social Security numbers do not appear to have been taken, according to JPMorgan. Moreover, bank officials say that they’ve seen no fraud activity related to this event.
Regardless, customers should be weary of phishing scams. The hackers now possess detailed contact information, so they can use that information in phishing scams, where criminals will contact people by email, phone, or even regular mail in attempts to compromise further information. Be extra vigilant against suspicious emails, links, and any other contact that seems out of the ordinary from unknown senders.
Although JPMorgan says that changing usernames, passwords, cards, or monitoring identity and credit monitoring isn’t necessary, customers should report any supicious transactions or activity to the bank when they see it.
The bank, which spends $250 million on digital security annually, according The New York Times, has reportedly been losing security staff to competing banks.
Making the situation potentially more complex, the hackers went after more than just customer data. They downloaded a full list of applications that run on the bank’s systems, meaning they may know which vulnerabilities will be of most use to gain entry again, Bloomberg reports.
In the wake of so many high profile breaches against major businesses, JPMorgan Chase chairman Jamie Dimon ominously called the battle against cyberattacks “continual and likely never-ending.”
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.