JPMorgan Chase revealed this week that 76 million households were affected by a cyberattack against the bank this summer. Here are four things Chase customers need to watch out for:
1. DON’T CLICK ON EMAIL LINKS
After big data breaches, scammers start sending out emails. The emails may mention Chase, or past breaches. Never click on any links. Malware could be downloaded to your computer and steal account passwords and other information, Litan says.
2. WATCH THE MAILBOX TOO
Scammers could also send letters. Some might claim you’ve won a tablet, vacation or other prize and give you a phone number to call. Don’t do it. It’s probably a way to get more personal information from you.
3. HANG UP THE PHONE AND IGNORE TEXTS
Since phone numbers of Chase customers were stolen, be wary of calls asking for account numbers or other information. Crooks are sending texts now too, so don’t click any links from numbers you don’t know. “You can’t trust any communications anymore,” Litan says.
4. DON’T OVERLOOK SMALL CHARGES
Crooks will charge smaller amounts to your credit card, usually under $10, to see if you notice, then charge a bigger amount later. It’s best to check online statements for suspicious activity once a week. But if you don’t have time for that, scan statements every month. “It’s a pain in the neck,” says Litan, “but that’s what you have to do.”
New details on a cyberattack against JPMorgan Chase & Co.’s computer servers this summer add to increasing doubts over the security of consumer data kept by lenders, retailers and others.
The New York-based bank disclosed Thursday that the breach compromised customer information pertaining to roughly 76 million households and 7 million small businesses.
Among the customer data stolen were names, addresses, phone numbers and email addresses, though only customers who use the websites Chase.com and JPMorganOnline and the apps ChaseMobile and JPMorgan Mobile were affected, the bank said.
Chase customer Skyler Wood of Springboro said he received a message from the bank Friday morning. He said the breach worries him.
“It does to a certain extent, but I don’t really know what the alternative would be. I don’t want to use cash everywhere cause it’s just more convenient with the debit card,” Wood said.
He said he checks his accounts frequently to make sure there is no suspicious activity.
“I check on a daily basis and I have alerts. If there is an online deduction over a certain amount I get an email and a text. If my balances go below a certain amount I get an email and text,” Wood said.
JPMorgan stressed that there’s no evidence that the data breach included account numbers, passwords, Social Security numbers or dates of birth. It also noted that it has not seen any unusual customer fraud stemming from the data breach.
The server breach follows data thefts that have hit financial firms and major retailers this year, adding to consumer concerns over the risk of identity theft and fraud.
Sherri Sword of the Better Business Bureau of Dayton said consumers must be vigilant in monitoring their accounts.
“When those statements come in the mail. Don’t just throw them on the dining room table and ignore them, open them up, look at them and make sure that everything on it are things that you have initiated,” Sword said.
Although the breach didn’t compromise account numbers, it doesn’t mean consumers are safe, said Sword.
“With just a little bit of information, scammers can get a lot of information. It’s important for consumers to change their passwords once a month or quarterly,” Sword said.
The Chase heist is even more disturbing than the recent retail breaches because banks are supposed to have fortress-like protection against intruders, said Gartner security analyst Avivah Litan.
“This is really a slap in the face of the American financial services system,” Litan said. “Honestly, this is a crisis point.”
JPMorgan Chase, the nation’s biggest bank by assets, has been working with law enforcement officials to investigate the cyberattack.
The bank discovered the intrusion on its servers in mid-August and has since determined that the breach began as early as June, spokeswoman Patricia Wexler said.
“We have identified and closed the known access paths,” she said, declining to elaborate.
She also declined to comment on whether JPMorgan has been able to determine who was behind the cyberattack on its servers.
In response to the data breach, the company has disabled compromised accounts and reset passwords of all its technology employees, Wexler said.
In a post on its Chase.com website, the bank told customers that it doesn’t believe they need to change their password or account information. It also noted that customers are not liable for unauthorized transactions when they promptly alert the bank.
The breach is yet another in a series of data thefts that have hit financial firms and major retailers.
Last month, Home Depot said that malicious software lurking in its check-out terminals between April and September affected 56 million debit and credit cards. Michaels and Neiman Marcus also have been attacked by hackers in the past year.
A data breach at Target in December compromised 40 million credit and debit cards. TJX Cos.’s theft of 90 million records, disclosed in 2007, remains the largest data breach at a retailer.
Fairborn resident Nicole Hines said she avoids using debit and credit cards.
“The breaches keep happening more and more, so it’s kind of made me suspicious,” Hines said.
The Associated Press contributed to this story.
About the Author