JPMorgan data breach adds to concern over security of consumer data at banks, retailersRich
LOS ANGELES – New details on a cyberattack against JPMorgan Chase & Co.’s computer servers this summer add to increasing doubts over the security of consumer data kept by lenders, retailers and others.
The New York-based bank disclosed Thursday that the breach compromised customer information pertaining to roughly 76 million households and 7 million small businesses.
Among the customer data stolen were names, addresses, phone numbers and email addresses, though only customers who use the websites Chase.com and JPMorganOnline and the apps ChaseMobile and JPMorgan Mobile were affected, the bank said.
JPMorgan stressed that there’s no evidence that the data breach included account numbers, passwords, Social Security numbers or dates of birth. It also noted that it has not seen any unusual customer fraud stemming from the data breach.
The server breach follows data thefts that have hit financial firms and major retailers this year, adding to consumer concerns over the risk of identity theft and fraud.
The Chase heist is even more disturbing than the recent retail breaches because banks are supposed to have fortress-like protection against intruders, said Gartner security analyst Avivah Litan.
“This is really a slap in the face of the American financial services system,” Litan said. “Honestly, this is a crisis point.”
JPMorgan Chase, the nation’s biggest bank by assets, has been working with law enforcement officials to investigate the cyberattack.
The bank discovered the intrusion on its servers in mid-August and has since determined that the breach began as early as June, spokeswoman Patricia Wexler said.
“We have identified and closed the known access paths,” she said, declining to elaborate.
She also declined to comment on whether JPMorgan has been able to determine who was behind the cyberattack on its servers.
In response to the data breach, the company has disabled compromised accounts and reset passwords of all its technology employees, Wexler said.
In a post on its Chase.com website, the bank told customers that it doesn’t believe they need to change their password or account information. It also noted that customers are not liable for unauthorized transactions when they promptly alert the bank.
The breach is yet another in a series of data thefts that have hit financial firms and major retailers.
Last month, Home Depot said that malicious software lurking in its check-out terminals between April and September affected 56 million debit and credit cards. Michaels and Neiman Marcus also have been attacked by hackers in the past year.
A data breach at Target in December compromised 40 million credit and debit cards. TJX Cos.’s theft of 90 million records, disclosed in 2007, remains the largest data breach at a retailer.
Chase’s assurances that it hasn’t found any evidence of the personal data being misused shouldn’t be misinterpreted as a reason to rest easy. The information still could be used in a variety of ways to rip off people in the months and years ahead.
That means consumers and business owners need to be more vigilant than ever, making sure to pore over their financial statements each month for any sign of suspicious activity. People also should be more leery than ever of unsolicited phone calls from purported bank representatives, emails fishing for their financial information and even uninvited guests knocking at their doors.
“You have to be paranoid now. You can’t slack off,” Litan said. “There is no such thing as data confidentiality anymore. Everything is out there.”
Jamie Dimon, the bank’s CEO, said in this year’s annual report that despite spending millions on cybersecurity, JPMorgan remained worried about the threat of attacks. By the end of this year, the bank estimates that it will be spending about $250 million annually on cybersecurity and employing 1,000 people in the area.
In August, the FBI said that it was working with the Secret Service to determine the scope of recent cyber attacks against several American financial institutions.
Last month, JPMorgan began notifying customers that it would reissue credit or debit cards in the wake of the data breach at Home Depot. Wexler said the bank doesn’t plan to reissue cards as a result of the breach of its servers, noting that customer account information was not stolen.
AP Technology Writer Michael Liedtke in San Francisco contributed to this report.
CED Solutions is a Cisco Learning Partner, Microsoft Gold Learning Partner and the #1 location for Microsoft Certifications in North America for the last 6 years combined. CED Solutions is a CompTIA Partner, EC Council Partner, and many others and is one of the largest providers of training in North America. The Atlanta facility provides IT training for up to 300 students per day, with separate buildings dedicated to training. CED Solutions provides training for up to 10,000 students per year and students take up to 800 certification exams every two weeks.
CED Solutions provides training and certification for MCSD: SharePoint 2013 Applications Developer; MCSE: SharePoint 2013; Cisco CCNA; Cisco CCNP; Cisco CCNA Security; Cisco CCNP Security; Cisco CCNA Voice; Cisco CCNP Voice; Microsoft MCSA: Windows 2012 Server; MCSA: Windows 2008 Server; MCSA: SQL 2012 Server; MCSE: Business Intelligence SQL 2012 Server; MCSE: Data Platform SQL 2012 Server; MCSE: Desktop Infrastructure Windows 2012 Server; MCSE: Server Infrastructure Windows 2012 Server; MCPD: 6 Cert Visual Studio Developer; MCSD: Windows Store Apps C#; MCSD: Windows Store Apps HTML5; IT Healthcare Technician and many more.