'76m homes hit by JPMorgan breach'

'76m homes hit by JPMorgan breach'

A huge cyber attack against JPMorgan Chase this summer compromised customer information for about 76 million US households and seven million small businesses, the bank said.

JPMorgan Chase said that names, addresses, phone numbers and email addresses were stolen from the company’s servers, but only customers who use the websites Chase.com and JPMorganOnline and the apps ChaseMobile and JPMorgan Mobile were affected.

The New York-based bank said there is no evidence that the data breach included account numbers, passwords, Social Security numbers or dates of birth.

It also said it has not seen any unusual customer fraud stemming from the data breach.

JPMorgan Chase, the nation’s biggest bank by assets, has been working with law enforcement officials to investigate the cyber attack.

The bank discovered the intrusion on its servers in mid-August and has since determined that the breach began as early as June, said spokeswoman Patricia Wexler.

“We have identified and closed the known access paths,” she said, declining to elaborate.

The company also disabled compromised accounts and reset passwords of all its technology employees, Wexler said.

In a post on its Chase.com website, the bank told customers that it doesn’t believe they need to change their password or account information.

The breach is yet another in a series of data thefts that have hit financial firms and major retailers.

Last month, Home Depot said that malicious software lurking in its check-out terminals between April and September affected 56 million debit and credit cards. Michaels and Neiman Marcus have also been attacked by hackers in the past year.

A data breach at Target in December compromised 40 million credit and debit cards. TJX Cos’s theft of 90 million records, disclosed in 2007, remains the largest data breach at a retailer.

Last year, four Russian nationals and a Ukrainian were charged in what has been called the largest hacking and data breach scheme ever prosecuted in the United States.

They were accused of running a hacking organization that penetrated computer networks of more than a dozen major US and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars.

Heartland Payment Systems, which processes credit and debit cards for businesses, was identified as taking the biggest hit in a scheme starting in 2007 – the theft of more than 130 million card numbers at a loss of about $200m. Global Payment Systems, another major payment processing company, had nearly one million card numbers stolen, with losses of nearly $93m, according to prosecutors.

The Chase heist is even more disturbing than the recent retail breaches because banks are supposed to have fortress-like protection against intruders, said Gartner security analyst Avivah Litan.

“This is really a slap in the face of the American financial services system,” Litan said. “Honestly, this is a crisis point.”

Chase’s assurances that they have found no evidence of the personal data being misused should not be seen as a reason to rest easy. The information still could be used in a variety of ways to defraud in the months and years ahead.

That means consumers and business owners need to be more vigilant than ever, making sure to pore over their financial statements each month for any sign of suspicious activity. People also should be more leery than ever of unsolicited phone calls from purported bank representatives, emails fishing for their financial information and even uninvited guests knocking at their doors.

“You have to be paranoid now. You can’t slack off,” Litan said. There is no such thing as data confidentiality anymore. Everything is out there.“

Jamie Dimon, the bank’s CEO, said in this year’s annual report that despite spending millions on cyber security, JPMorgan remained worried about the threat of attacks. By the end of this year, the bank estimates that it will be spending about $250m annually on cyber security and employing 1,000 people in the area.

In August, the FBI said that it was working with the Secret Service to determine the scope of recent cyber attacks against several American financial institutions.

Last month, JPMorgan began notifying customers that it would reissue credit or debit cards in the wake of the data breach at Home Depot. Wexler said the bank does not plan to reissue cards as a result of the breach of its servers, noting that customer account information was not stolen.

More in this Section

Business confidence in Cork plummets as Covid-19 overtakes BrexitBusiness confidence in Cork plummets as Covid-19 overtakes Brexit

US stocks bounce despite surge in US jobless claims amid Covid-19 shakeoutUS stocks bounce despite surge in US jobless claims amid Covid-19 shakeout

Business winners and losers: Bord Gáis owner braced for UK customers not paying their energy billsBusiness winners and losers: Bord Gáis owner braced for UK customers not paying their energy bills

Nissan furloughs almost all staff in the UKNissan furloughs almost all staff in the UK


Much has been said about the perils of being stuck in the house 24/7, like family pets interrupting your important conference calls, your partner leaving their dirty dishes everywhere and the lack of respite from the kids.Silver lining: Seven enforced money-saving habits you might want to continue after lockdown

Put you and your loved ones' pop-culture knowledge to the test with Arts Editor Des O'Driscoll's three fiendishly fun quiz rounds.Scene and Heard: the Arts Ed's family entertainment quiz

A passion for heritage and the discovery of some nifty new software has resulted in an Irish architect putting colour on thousands of old photographs, writes Marjorie BrennanBringing the past to life

Richard Hogan, family psychotherapist, addresses a reader's question about life during lockdownHolding on: how to help your child through the crisis

More From The Irish Examiner