According to the Today Online report just out, the number of accounts affected by the JPMorgan Chase exploit has now topped 83 million.
The names, addresses, phone numbers & email addresses of the holders of some 83 million personal and small business bank accounts were exposed when computer systems at JPMorgan Chase & Co were recently compromised by hackers, making it one of the biggest data breaches in history – if not the largest.
The bank claimed last Thursday, that the account numbers, passwords, user IDs, dates of birth and Social Security numbers were NOT compromised or stolen. They also added that no unusual fraudulent activities have been observed from the accounts with exposure to the breach.
Security experts are warning that even if the banking details themselves are not at risk, the fact that the names + emails are leaked, is enough for scammers to produce highly targeted phishing scams, which have a better chance of catching the recipients unaware when they have the correct bank details. ie, when a scammer sends a phishing email and they have your correct bank, it’s more likely to be opened than when the bank is one where you have no relationship or accounts held.
Were you affected by the Chase Exploit?
You were affected if you use Web or mobile services for these sites: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile.
What are the risks from this exploit?
As mentioned, JPMChase has said that they have not seen unusual levels of fraudulent activity attached to these accounts, which is what we expect as the bank details themselves were not leaked, however, the risk of highly targeted scam emails (phishing) is not to be underestimated. If the criminals with these details have access to further exploit data, then a name which is not common in a town or city might easily be matched to a Chase credit card from the Home Depot exploit.
The biggest concern is that they details leaked might be used in identity theft operations – either after attempting to gather more information, or by combining the information found in other leaks (such as Target and/or Home Depot).
Should you change your password?
JPMorgan has said that this is not necessary – although regularly changing your password and ensuring different passwords for different accounts is always a good idea.
Do I need credit monitoring?
JPMorgan stated that while unnecessary due to increased exposure from this exploit, this type of service is always a good idea. We would recommend talking to your credit card company, as you might already have access to free or subsidized credit monitoring through your existing arrangements, or, through Credit Sesame – a Mountain View, CA based company which is offering free credit monitoring to the Chase breach customers: CreditSesame.com/Chase-Breach-Victims.
The free identity protection service offers peace of mind for all consumers affected by the recent data breaches. By signing up with Credit Sesame, in just a few minutes, consumers will automatically be covered with $50,000 of identify theft insurance and immediate access to certified identity restoration specialists in the event that one’s identity is stolen.
“No information is valueless to hackers and we should not be complacent in thinking that everything is OK because only things like names, addresses or email addresses were exposed,” said Neal O’Farrell, Security and ID Theft Expert at Credit Sesame. “Hackers can connect the dots and use the information to get an even clearer picture about a consumer, their habits and their life. The data can also be used in phishing email scams or to hack into an email account and gain access to years of information about a person’s life.”