JPMorgan Chase, America's largest bank, has officially confirmed concerns about its latest security breach. The bank announced that 76 million households and 7 million small businesses were compromised in its July attack, a much larger number than the 1 million households the bank originally estimated.
This marks the first time hackers have successfully infiltrated a bank's internal computer system, gaining top level administrative access to 90 servers. However, it appears that none of the servers in question contained customer account information, so no money was stolen and there's no need for consumers to change their passwords. Security experts are confused about the motive of such an attack, since there seems to be little potential profit involved, leading some to speculate that the breach was masterminded by the Russian government.
Cyber-criminals did gain access to customers' names, email addresses and phone numbers. This information could be used to launch phishing expeditions, wherein hackers send fraudulent emails to individuals, claiming to be trustworthy institutions. The customers then login to a fake JPMorgan website, supplying the thieves with their account login information. In August, reports surfaced of phishing attacks apparently targeted at Chase customers, but there's no word yet on whether these two incidents are related.
Yesterday evening JPMorgan's chief operating officer, Matt Zames, sent a memo to employees stating that the attacks were "highly unfortunate and are also a reminder that we all must be increasingly vigilant in the cyber world." He went on to encourage extreme caution when managing work passwords and email accounts.
If you own a small business, it's important to take special care when choosing a credit card processor. A system with extra security could save you and your customers both time and money.