JP Morgan Chase has released a cyber-attack update on one of the largest security intrusions in the history of data network usage. More than 76 million homes and nearly 7 million businesses were affected when their account information was compromised in August. The bank recently disclosed details of the attack in Oct. 2, 2014, security filings with the Securities & Exchange Commission (SEC).
The New York Times reported the online attackers gained access to cardholders’ information. Ultimately, the hackers found a list of programs on the JP Morgan Chase database. They were then able to cross reference this list with known program vulnerabilities, which gave them access to the names, email addresses, phone numbers and physical addresses of JP Morgan Chase account holders.
This is the second incident in less than three months for the nation’s largest bank. The first breach, which occurred in June, took the JP Morgan security team nearly one month to recognize. By then, bank informants say, hackers had already achieved top administrative privileges to several bank servers.
JP Morgan Chase published an FAQ for customers who are concerned about the attack. The Chase Bank website states that all access paths have been identified and closed. At this time, there is no knowledge that the hackers are still within the banking system. How they were able to get extensive access into the servers is unknown.
Amid the SEC filings, JP Morgan Chase reassured account holders that no money had been taken from any accounts nor has compromising account information been accessed. What account holders want to know is if their personal information is safe and what is the bank doing to ensure the highest level of account security.
Faced with continuous threats of online phishing crimes, JP Morgan Chase did comment to the New York Times that the bank plans to spend $250 million dollars annually on updated security features. Currently, the bank is experiencing a high turnover with their online security department. Many of their skilled staffers have left the company to work for other organizations.
Even though the overseas cyberattackers were able to get away with some account details, JP Morgan Chase spokeswoman Kristin Lemkau says no critical information such as account information, social security numbers or dates of birth were taken. But to many Americans, the personal information that was obtained by the hackers is just as valuable.
Regarding the recent attack on Home Depot, Lemkau said comparing the scale and magnitude of this potential breach is like comparing “apples to oranges.” The bank understands it has access to a large percentage of the American population’s account information and seeks to improve the situation quickly.
As businesses rely more on data networks, the growing dependency will only become worse. “There are many side effects that, as a whole, we are not adequately prepared to handle,” said Dan Kaminsky, co-founder and chief scientist at White Ops, to a New York Times reporter.
Forbes reports JP Morgan Chase has not asked anyone to change their passwords, but it is always good practice to change your account passwords frequently and often. ConnectSafely.org, a non-profit organization, provides the public with additional password safety and online security advice. They advise that users create unique passwords and keep them safe. If possible, try to add a good mix of uppercase letters, lowercase letters and special characters and symbols. In the largest cyberattack in history, JP Morgan Chase adds that no account passwords were accessed or compromised.
By Carolette Wright