JPMorgan Chase, America’s largest bank by assets, has admitted that the names, addresses, phone numbers and email addresses of 76 million households and seven million small business accounts were exposed in August’s attack on its systems.
This makes it one of the largest data breaches in history, affecting a majority of US citizens.
The bank has issued a statement saying that there is no evidence that account numbers, passwords, user IDs, birth dates or Social Security numbers have been stolen, and it has seen no evidence of “unusual customer fraud”. As a result, it is not currently advising customers to change their passwords or account logins.
However, data relating to the apps ChaseMobile and JPMorgan Mobile was included in the hack, along with information about users of the Chase.com and JPMorganOnline sites.
The apparent scale of the attack proves that personal data is now the world’s de facto currency.
Tal Klein, VP of cybersecurity firm Adallom, said that the sophisticated nature of the hack – in the wake of other large-scale raids on e-commerce sites and social platforms – suggests that data security as a whole has been compromised.
“Until now the assumption has been that the companies that get breached are the ones that have poor security practices, but we know that JPMorgan had a good security programme and that they invest heavily in this area,” he told Reuters. “So what we are waking up to is that the fundamental nature of security is broken.”
The attack may be one of several on large US companies, in an apparently coordinated assault. In August, Bloomberg reported that the FBI was investigating attacks on at least one other bank. The New York Times reported that as many as four other banks may have been hit.
Computing reported last month that data from JPMorgan Chase was derouted to a major Russian city.
The FBI is trying to establish whether the hacks are Russian-state-sponsored and in retaliation for economic sanctions – a claim denied by Russian President, Vladimir Putin.

Leave a Reply