Hackers stole personal information from 76 million JPMorgan Chase customers this summer, in one of the biggest breaches of a financial company.
The bank says only non-financial data was taken — names, addresses, telephone numbers and email. But that's still a lot, and experts warn that customers need to be vigilant about identity theft in the next several months.
Continue Reading Below
The theft raises again questions about the safety of personal information in the digital era, especially at places like banks, where you keep money. What risks do people face? Will this keep happening? And can bank customers reduce the threat of identity or financial theft?
Q: The hackers didn't get Social Security numbers, bank account or credit card information. Should I still be concerned?
A: Absolutely, says Darren Hayes, a professor and expert in cybersecurity at Pace University in New York. It's important to think about the big picture in these attacks. Buyers on the black market can acquire the personal information to build a profile on a customer. "These are not just disparate hackers that are spread across the world. Often times they are the same groups stealing from banks and retailers."
Q: What else could happen?
A: The data stolen from JPMorgan was likely gathered to be sold, says Craig Carpenter, chief cybersecurity strategist at AccessData, a cybersecurity firm. One worrisome question is whether this breach was a reconnaissance mission in preparation for a bigger hack. "They don't have to crack the entire system tomorrow," Carpenter says. "They could have simply been mining for data, or looking to leave something behind that would allow them to get into (JPMorgan's servers) easier next time."
Q: Should I close my account at JPMorgan?
A: At this point, there's no indication that's necessary. Steve Weisman, a Boston attorney and author of several books and articles about identity theft says, "it won't do any good" because other banks may be equally vulnerable to hacking. "There's no place to run and hide. You should monitor your account regularly and don't trust any communications you receive."
Q: After big attacks against retail chains and now Chase, should we expect more breaches?
A: The size and scope of the breaches are going to get worse, not better. Target, Home Depot and JPMorgan Chase are just the beginning, says Pace University's Hayes. It's safe to presume that hackers have been sitting inside these banks and business networks for months, even years, sometimes not doing anything. "Hackers these days are patient ... and are extremely effective at just gathering a lot of data over time."
Q: Is there any way to protect myself if they're this sophisticated?
A: Change your passwords on all of your major business and banking sites regularly, and use different level of passwords to protect the most vital of information, Hayes says. Regularly request your credit reports from the major agencies — Equifax, Transunion and Experian. You're allowed one free credit report from each of the agencies every 12 months, so request one every four months from each agency. "Also put a fraud alert on your credit reports," he says. "If someone tries to open an account, the fraud alert will require any new account request to be done manually."