hack exposed data of 83 million, among biggest breaches in history
Send a link to a friend
[October 03, 2014]
(Reuters) - Names, addresses, phone
numbers and email addresses of the holders of some 83 million households
and small business accounts were exposed when computer systems at
JPMorgan Chase & Co <JPM.N> were recently compromised by hackers, making
it one of the biggest data breaches in history.
The bank revealed the scope of the previously disclosed breach on
Thursday, saying that there was no evidence that account numbers,
passwords, user IDs, birth dates or Social Security numbers had been
It added that it has not seen "unusual customer fraud" related to
the attack which exposed contact information for 76 million
households and 7 million small businesses.
The people affected are mostly account holders, but may also include
former account holders and others who entered their contact
information at the bank’s online and mobile sites, according to a
Security experts outside of the bank warned that the breach could
result in an increase in crime as scammers will likely attempt to
use the stolen information to engage in various types of fraud.
The bank's customers should be on heightened alert for fraud, said
Mark Rasch, a former federal cyber crimes prosecutor.
"All of this data is useful to hackers and identity thieves," he
said. "The kind of information that was stolen is not sensitive
itself, but is frequently used to validate people's identities."
Tal Klein, vice president with the cybersecurity firm Adallom, said
that the breach could undermine confidence in the security of banks
and other companies that people assume are well protected from
"Criminals could literally take on the identities of these 83
million businesses and people. That's the biggest concern," he said.
[to top of second column]
"Until now the assumption has been that the companies that get
breached are the ones that have poor security practices, but we know
that JPMorgan had a good security program and that they invest
heavily in this area," he said. "So what we are waking up to is that
the fundamental nature of security is broken."
Still, JPMorgan advised customers on its website that it does not
believe they need to change their passwords or account information.
Company spokeswoman Patricia Wexler said that the bank is not
offering credit monitoring to its customers because no financial
information, account data or personally identifiable information was
At the end of August, JPMorgan said it was working with U.S. law
enforcement authorities to investigate a possible cyber attack. As
with home break-ins, it can take victims of data attacks months to
discover what, if anything, is missing.
(Reporting by Tanya Agrawal in Bangalore, David Henry in New York
and Jim Finkle in Boston.; Editing by Ted Kerr and Bernard Orr)
[© 2014 Thomson Reuters. All rights
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.