Hack attack on JPMorgan Chase

Discuss whatever you want here ... movies, books, recipes, politics, beer, wine, TV ... everything except classical music.

Moderators: Lance, Corlyss_D

Post Reply
John F
Posts: 19918
Joined: Mon Mar 26, 2007 4:41 am
Location: Brooklyn, NY

Hack attack on JPMorgan Chase

Post by John F » Sat Oct 04, 2014 7:51 am

What happened and what you can do about it.

Ways to Protect Yourself After the JPMorgan Hacking
By TARA SIEGEL BERNARD
OCT. 3, 2014

The numbers are shocking: Personal information from 76 million households may have been compromised as part of the cyberattack on JPMorgan Chase. That is the equivalent of two out of every three households in the United States, though a small portion of those affected may be overseas.

The intrusion compromised the names, addresses, phone numbers and emails of those households, and can basically affect anyone — customers past and present — who logged onto any of Chase and JPMorgan’s websites or apps. That might include those who get access to their checking and other bank accounts online or someone who checks their credit card points over the web. Seven million small businesses also were affected.

While nobody knows what the hackers are planning to do with the data from JPMorgan — if anything at all — privacy experts say the biggest risk is that the thieves will try to extract more sensitive information from affected consumers. “It would give the thief a call log of who to victimize, but that in and of itself is not enough to steal someone’s identity,” said Matt Davis, a senior victims adviser at the Identity Theft Resource Center. “That is the silver lining there.”

There is no evidence that account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised, according to the bank, nor did the bank suggest that customers change their passwords. “I think it is always good practice to regularly watch your accounts,” said Trish Wexler, a JPMorgan spokeswoman. “That is just good financial hygiene.”

It is possible that the thieves could sell the JPMorgan data to others, who could then combine it with publicly available information, found through census data or social media, said Pam Dixon, executive director at the World Privacy Forum, a public interest research group. They could then create sophisticated — and very convincing — emails that targeted individual consumers, a practice known as spear phishing. The goal is to trick consumers into providing Social Security numbers or user names and passwords. “I would be very conscious of the email you get in the next year, which could be related to this hack,” Ms. Dixon said. “They are really hard to detect. It’s not like, ‘Send me money in the Philippines.’ ”

Legitimate financial services companies, retailers, cellphone companies, government agencies like the Internal Revenue Service and other providers will not (or at least should not) request personal information in an email. But if a customer detects something suspicious about an email, they should contact the company that supposedly sent it. They should not, however, use the phone number in the email — that is likely only to put them in touch with the criminals. The Federal Bureau of Investigation also advises consumers to enter website addresses manually (or, at least, to do a web search for them). In other words, do not follow links inside the email.

If a customer’s bank account ultimately is compromised, they will not be held liable for any unauthorized transactions, but they should contact JPMorgan immediately.

Those who want to add a layer of security to their financial life should consider a “security freeze,” one of the strongest tools against theft because it prevents someone from trying to open a new account in a consumer’s name. When you freeze your reports, the big three credit bureaus will not release your credit reports to any company that does not already have a relationship with you. Financial providers and other companies typically request such reports before issuing a new account.

Consumers need to approach each of the three credit bureaus — Equifax, Experian and TransUnion — and may need to pay a small fee, depending on where they live. The process can be a hassle because the freeze has to be “thawed,” or lifted, to apply for a new credit card, for instance, or for a mortgage. (And consumers may need to keep PINs and other information handy to do that). But the extra effort may be easier than trying to undo the mess created by a thief.

Then there is the boilerplate advice that all consumers should heed: Regularly monitor all of your accounts; read every transaction on your credit statement every month; and check each of your three credit reports regularly, which you are allowed to do free at least once a year through AnnualCreditReport.com.

Consumers may be desensitized by now, given the frequency and breadth of cyberattacks on retailers like Home Depot, Target, Michaels, Neiman Marcus and others. Many may even assume that some hacker, somewhere, already has at least some of their personal information. “Security is out of your control,” said Bruce Schneier, a computer security expert. “The only thing you can do is agitate for laws about regulating third-party use of your data and how they store it, use it and collect it.”

http://www.nytimes.com/2014/10/04/your- ... rself.html
John Francis

Post Reply

Who is online

Users browsing this forum: No registered users and 16 guests