JPMorgan Chase, America's largest banking institution, reported that a security breach discovered this summer affected 76 million households and 7 million small businesses.
The breach began in June and was discovered in July, and until a few weeks ago JPMorgan officials reported that only 1 million households were compromised and stating that they believed their networks to be secure. The second wave of the breach was discovered this week and constitutes one of the most significant hackings Americans have ever experienced.
The incident is causing consumers to worry about their online financial security in a new way, because banks have previously been considered inviolable thanks to expensive, state-of-the-art software and highly trained employees. Criminals have stolen customers' personal ATM information before, but never successfully infiltrated a bank's internal computer system.
Apparently working from overseas, the cybercriminals initially gained access to the networks by hacking into an employee's work account, which was accessed from a personal computer. From there, the hackers were able to dive further into the system and plant malicious code that compromised customer names, birthdates, phone numbers and email addresses.
JPMorgan has since disabled accounts deemed vulnerable, reset passwords of all employees and is analyzing the data collected from the 90 affected servers. The bank points out that no individual account information, such as passwords or social security numbers, were stolen in the breach and there has been no sign of increased fraud.
This is reassuring for consumers, as it seems the breach was relatively ineffective for its size, although security officials are puzzled as to the intent of the hackers. Some are even speculating that the breach could have been executed by members of the Russian government.
One way the cyber-criminals could make a profit from using- stolen email addresses is to phish — sending fraudulent emails to bank customers asking them to login to a Chase look-alike website, thereby stealing their account credentials. In August there were reports of such emails apparently targeting Chase customers, but there's no sign yet on whether these two incidents are related.
JPMorgan spokeswoman Kristin Lemkau refuted headlines reporting that this breach is the largest in history, stating that any such claims was effectively "comparing apples and oranges."
The institution has pledged to spend $250 million annually on security measures, but many members of its security staff have reportedly been moving to other banks, perhaps causing a disruption in customer protection and warranting a greater expenditure.
Jamie Dimon, JPMorgan's chairman and chief executive, said earlier in his yearly newsletter to shareholders, ""We're making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe."
The bank says there is no need for customers to change their passwords or account information, and that any fraudulent charges that might arise will be taken care of.
To avoid these kinds of hacks, it's crucial that you create long passwords full of both numbers and letters. Most importantly, never use the same password for more than one account. If you need help keeping track of all this, take advantage of a password manager to help you out by encrypting your information while keeping it available to you for access.