JPMorgan Chase has revealed that a cyberattack over the summer affected more than 76 million household accounts and 7 million small business accounts, the biggest data breach yet in the recent series of hacks on major U.S. consumer businesses and a renewed wakeup call to customers to protect their online information. Taking five minutes to institute quick, simple security measures could be all that's necessary for individuals to prevent their identity from being bought and sold on the international black market.
Modern consumers have little choice but to trust stores, banks and other institutions with their financial information. There’s nothing an individual Target shopper or Chase Bank customer can do to stop corporate infiltration from Chinese or Russian hackers, but individuals can respond accordingly when it’s clear that information may have been compromised.
And a shocking number of people have been compromised. JPMorgan said Thursday in a filing with the U.S. Securities and Exchange Commission it was the victim of the biggest data breach in history, with customer names, addresses, phone numbers and email addresses stolen. Anyone who logged onto Chase’s website or mobile app in June or July should consider themselves at risk, the company said, though there have yet to be any signs of fraudulent activity.
Here's what to do:
- Change passwords. The most important thing individual Chase customers can do is to immediately change their online and mobile app passwords, as well as the PIN identification numbers for their credit and debit cards. All customers are also advised to change their security questions, possibly even to false but memorable answers as hackers have proven the ability to find the answers to an individual’s security questions within minutes.
- Watch account activity. Next, customers should keep close watch on their accounts. Unlike the popular idea of identity theft, where people criminals take a vacation on their victims’ dime, hackers have begun to steal small amounts from many customers. Any unusual activity should be reported to Chase immediately.
- Beware of phishing emails. It’s also essential to be on the lookout for suspicious emails from Chase customer service. Any message that asks recipients to follow a link or download a file (even a .PDF) should be ignored and deleted immediately. Phishing scams, as innocuous as they seem, are still among hackers’ favorite tactics and can be sophisticated enough to deceive trained security professionals.
- Turn on two-factor authentication. To prevent future vulnerability, customers should turn on two-factor authentication, which adds a step to a customer’s login process by sending them an email or text message verifying that a person wishes to access their account online.
Still, by all accounts, in this case there’s no reason to panic. Chase’s SEC filing says there’s “no evidence that account information for such affected customers – account numbers, passwords, user IDs, date of birth or Social Security numbers” were lost in this attack.
The FBI is aiding the investigation, which highlights how vulnerable sensitive networks remain in the digital age.