Other large financial institutions are checking their systems for indicators of attempted hacks, and several unspecified organizations are reported to have found traffic on their servers from computer addresses linked to the criminals. None of these institutions, however, believe they were successfully breached.
Security experts say the thieves were most likely "probing" the security systems, searching for weaknesses and vulnerabilities that could facilitate breaches. In fact, it is the cybercriminals' foresight and patience that has the banking world most concerned, because this mindset suggests a long-term and malicious plan of attack.
The hackers returned to the JPMorgan network four times after making the initial breach, apparently testing boundaries to see how far they could penetrate into the system. This is far different from the relatively simple, grab-and-run type of theft we saw in the Target and Home Depot-like retail attacks, leading some concerned citizens to point the finger at Russian intelligence, although there is no firm evidence that the hack originated in Russia at all.
"Their goal could have been mayhem, not just cash," Ed Mierzwinski, consumer program director at U.S. Public Interest Research Group (PIRG), told The Washington Post. "We've built a lot of protections into our banking system, but I'm not sure that we've really thought through all of the risks today and whether we've done enough."
JPMorgan reported spending $250 million a year on cyber-security prior to the attacks. This converts to $2,500 per employee each year compared with $400 spent per employee by the average retailer. The fact that America's largest bank, which spent millions on protection, was hacked raises questions about whether we can ever reasonably hope to evade hackers.
It is reassuring, however, that the cybercriminals did not gain access to customer account information. Actual accounts are more heavily guarded than general customer information, which is why the thieves were only able to steal names, email addresses, telephone numbers and birthdates, but couldn't access any funds, account numbers or social security numbers.
Just because the hackers can't directly access your account, though, doesn't mean you shouldn't remain vigilant. They now have private information on approximately two-thirds of American households, and this data could be used to commit further crimes via phishing. Criminals can send an email or telephone call to the stolen addresses or phone numbers, pretending to be JP Morgan and requesting account login credentials. The fraudulent websites and voice messages can be extremely convincing, so never volunteer your information to an unverified person. It's always best to be safe rather than sorry — don't give out data online or over the phone, especially over the next few months.
If you're worried about your information being used to commit credit fraud, consider signing up for a credit monitoring service so you can be alerted when certain activity that may indicate identity theft occurs. Your credit score is important in securing new lines of credit so regular monitoring can help you keep close track and have peace of mind.