Names, addresses, phone numbers and email addresses of about 83 million JPMorgan’s households and small business accounts were compromised when computer systems of the U.S. biggest bank got under cyberattack, one of the biggest data breaches in history.
JPMorgan reported the scope of the previously disclosed breach, assuring that there was no evidence that account numbers, passwords, user IDs, birth dates or Social Security numbers had been stolen.
The bank added that it has not seen “unusual customer fraud” related to the attack which exposed contact information for 76 million households and 7 million small businesses.
“The people affected are mostly account holders, but may also include former account holders and others who entered their contact information at the bank’s online and mobile sites, according to a bank spokeswoman,” Reuters writes.
“Security experts outside of the bank warned that the breach could result in an increase in crime as scammers will likely attempt to use the stolen information to engage in various types of fraud,” the publication adds.
The bank’s customers should be on heightened alert for fraud, believes Mark Rasch, a former federal cyber crimes prosecutor.
“All of this data is useful to hackers and identity thieves,” he revealed. “The kind of information that was stolen is not sensitive itself, but is frequently used to validate people’s identities.”
Tal Klein, vice president with the cybersecurity firm Adallom, suggested that the breach could undermine confidence in the security of banks and other companies that people assume are well protected from hackers.
“Criminals could literally take on the identities of these 83 million businesses and people. That’s the biggest concern,” he said.
“Until now the assumption has been that the companies that get breached are the ones that have poor security practices, but we know that JPMorgan had a good security program and that they invest heavily in this area,” he said. “So what we are waking up to is that the fundamental nature of security is broken.”
Meanwhile, the bank told its customers on its website that it does not believe they need to change their passwords or account information.
Company spokeswoman Patricia Wexler said that the bank is not offering credit monitoring to its customers because no financial information, account data or personally identifiable information was compromised.
At the end of August, the U.S. biggest bank aknowleged that it was working with the country’s law enforcement authorities to investigate and prevent a possible cyber attack. As with home break-ins, it can take victims of data attacks months to discover what, if anything, is missing.
“For context on the size of this breach, a recent cyber attack against Home Depot affected 56 million customer cards, in what was reported to be the biggest retail hack in history. Late last year, a data breach at Target affected roughly 40 million customers at the height of the holiday shopping season,” The Huffington Post says.