In the wake of the massive data breach at JPMorgan Chase (JPM), which compromised the contact information of 76 million households, consumers can take comfort that the hackers weren't able to access any confidential information. Unfortunately, the story isn't over.
Hackers likely will try to use the stolen data to con unsuspecting consumers into providing them with information that they can use to steal money from them. These scams can include "phishing," in which crooks lure customers into disclosing information using an official-looking email from a well-known company or organization.
JPMorgan, the largest U.S. bank, is urging employees to take precautions such as changing their passwords and logging off their workstations when they aren't being used, according to a memo obtained by Bloomberg News.
"The human element is always the weak link in the chain," Christopher Budd, senior global communications manager at Trend Micro, told CBS MoneyWatch. "Users can be duped in ways that computers can't. ... Bad guys are good capitalists. They will go where the money is."
The breach is said to have happened in June but wasn't discovered until July. Hackers thought to be from Southern Europe accessed around 90 servers at JPMorgan.
Given the incident at JPMorgan along with earlier ones at Home Depot (HD) and Target (TGT), people should expect their financial information will be illegally accessed in the next 12 to 24 months, according to Budd. In an email to MoneyWatch, Ed Mierzwinski of the U.S. Public Interest Research Group called for "Congressional oversight and investigation to determine the level of threat hackers pose to the banking system."
The American Bankers Association (ABA) notes that Congress has already held hearings on this topic.
"These threats will continue to exist, and our industry will continue to work with Congress to improve threat information sharing and create a national data breach standard containing heightened security standards for those sectors currently not adhering to banking security requirements," wrote Doug Johnson, the senior vice president for risk policy at the ABA.
Financial institutions have more layers of security in place as a buffer against thieves than many other industries. "The banks are frankly among the most secure entities," said Tom Field, vice president at Editorial Information, a trade publisher that focuses on cybersecurity.
That's why the JPMorgan attack, which began when hackers cracked an employee password, came as a surprise. The firm reportedly spends $250 million annually on cybersecurity, even though banks are attacked far less often than other types of businesses.
According to data from the Identity Theft Resource Center provided by the ABA, the financial sector suffered 23 breaches through Sept. 23 (not including JPMorgan), affecting 172,320 records, orders of magnitude below businesses (63.5 million), medical/health care (7.1 million), government/military (2.7 million) and educational (1.5 million).
The best defense that consumers have against hackers is to check their statements frequently and notify their financial institutions immediately of any suspicious activity so they can be reimbursed. Still, it's a problem that defies easy answers.
Said Field: "The scary thing is that there are probably a lot more out there that we don't hear about."