14 DAY TRIAL // Following the investigation of the cyber intrusion in August, JPMorgan Chase informs that the data exposed in the incident affects 83 million of its customers.
The institution also disclosed that the attack resulted in compromising user contact details; these consisted of names, addresses, phone numbers and email addresses belonging to about 76 million households and seven million small businesses that used the following web or mobile services: Chase.com, JPMorganOnline, Chase Mobile, or JPMorgan Mobile.
No financial details were compromised, money is safe
The details are comprised in a brief report filed to the Securities and Exchange Commission (SEC) on Thursday. In the document, it is specified that the financial organization has no evidence that bank account details (account number, password, username, social security number or date of birth) have been exfiltrated by the attackers.
This is supported by the fact that no fraud alert linked to this incident has been detected in the case of the affected individuals.
The company offered roughly the same information in a communication to its customers, published on the same day.
JPMorgan Chase emphasizes that, if the institution is promptly alerted, customers are not liable to any unauthorized transaction occurring on their account as a result of the cyber-attack. Also, they stress the fact that the money at JPMorgan is safe.
On a FAQ page built specifically to ease customer worry, the company informs that there is no need to change passwords since the database containing them and corresponding usernames has not been impacted.
Malware has been removed, systems are completely clean
In answering frequently asked questions, the company says that their IT experts have identified the method used by the attackers to breach the system and eliminated it. “We have no evidence that the attackers are still in our system,” the representatives say.
JPMorgan Chase was not the only victim of such an attack, as other banks suffered the same consequences around the same period. It is believed that in the case of at least one bank, a zero-day vulnerability has been used to access sensitive data.
Sources close to the investigation said at the time of the discovery of the incident that details on employees and executives have also been stolen.
The malware, which had been lurking on the systems for months, was caught during a routine scan by the security experts at the company. Attackers were able to gain access to new parts of the network step by step, by checking the architecture first and then building custom tools to move deeper in.
Even if no financial details have been harvested by the hackers, customers still run the risk of being affected by malicious activities.
“Phishing is typically the biggest risk when contact information has been compromised. We encourage you to be cautious of any communications that ask for your personal information. Don’t click on links or download attachments in emails from unknown senders or other suspicious email. We will never ask you to enter your personal information in an email or text message,” JPMorgan Chases says to its customers.