JPMorgan Chase cyberattack exposes over 80 Million accounts
2014-10-03 09:12 by Daniela
Tags: JPMorgan, security, hackers
JPMorgan revealed Thursday that cybercriminals gathered information on more than 80 million account holders as part of a massive bank hack this summer. The impact was far bigger than earlier estimates that about 1 million customers had been affected. The hackers got contact information for 76 million personal accounts and 7 million small businesses. The information that was compromised includes names, addresses, phone numbers and email addresses, as well as "internal JPMorgan Chase information relating to such users." According to the report, there is no evidence that account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised.
It turns out that hackers were able to gain root access to more than 90 of the bank's servers. That means they "had root" on the servers of one of the largest banks in the world - they "could transfer funds, disclose information, close accounts, and basically do whatever they want to the data," said Jeff Williams, chief technology officer with Contrast Security in Palo Alto, Calif.
JPMorgan detected the computer infiltration in August this year. The cyberattack is believed to have begun through a compromised employee computer, which became infected with malware that established a VPN tunnel into the bank's networks. The US Federal Bureau of Investigation (FBI) is currently working with JPMorgan to try to unmask the culprits.
Security experts have warned that the stolen information could be used for different kinds of fraud, such as phishing and cold-calling. Chris Boyd, Malware Intelligence Analyst at Malwarebytes, said:
"The data taken is a spammer's goldmine and could be used over a long period of time to drip feed potential victims with phishing, cold calling or targeted malware attacks via email. If any of the 76 million affected have had other data leaked in the past, it would be easy for those behind this attack to build up a robust picture of their targets and throw a little social engineering into the mix, making the emails seem less random and the phone calls more persuasive. Anybody affected should be particularly cautious of emails claiming to be from JP Morgan over the coming months, and if in doubt should contact the sender directly to verify. That same caution would also apply to cold calling, letters and emails."
The bank says on its website that customers do not need to change their passwords or account data.