New details are emerging about the security breach in the internal computer networks of JPMorgan Chase Bank this past June. And it’s good news for Chase customers. The hackers responsible for the breach did not access customers’ financial data.
A source close to the JPMorgan investigation told The New York Times’ Nicole Pelroth that the criminals may have only gained access to customers’ names, addresses and phone numbers. So far, Chase Bank has still seen no evidence of fraudulent activity due to the breach.
But it’s not all good news: According to Pelroth’s sources, the hackers also broke into several JPMorgan servers and got a look at the software JPMorgan uses internally. If the criminals can find security flaws in this software, it may give them an opening to stage another attack on JPMorgan’s systems in the future.
However, JPMorgan spokeswoman Kristin Lemkau told Pelroth that the cybercriminals don’t seem to have stolen any proprietary software, nor accessed a map of JPMorgan’s networks.
The approximately 1 million Chase Bank customers affected in the data breach will still have to keep on the lookout for phishing emails: official-looking messages that are actually designed to trick users into handing over their sensitive data.
In addition to this breach, charity JPMorgan Chase Corporate Challenge may also have been breached, resulting in the exposure and possible theft of members’ names, addresses and physical addresses. JPMorgan said in a letter to members that it learned of this breach on August 7.
“We’re sorry that other content on this website isn’t available now. We’re working on it,” reads a message on the JPMorgan Chase Corporate Challenge website. The site is maintained by a third-party, not JPMorgan itself, and it’s unclear if the two breaches are related.
What we know about the Chase Bank hack
Attackers breached the internal networks of JPMorgan Chase some time this June. The company detected the intrusion in July, and Bloomberg News broke the story on August 27.
Earlier that August, security experts discovered a phishing campaign targeting Chase Bank customers.
Investigators from the FBI, the United States Secret Service and the National Security Agency (NSA) are all on the case. They believe four other U.S. banks were also hit in the same attack, and that the criminals responsible may be politically motivated (which would explain the lack of fraudulent activity).
If you’re a Chase Bank customer and you haven’t yet changed your account password, do so now. You should also keep an eye on your accounts for any signs of suspicious activity.
And be skeptical of any emails you receive from Chase or about Chase. Don’t click on any links in these emails; rather, if the email claims to have news regarding your Chase Bank account, go straight to your Web browser and type Chase’s URL in yourself. This will help you avoid phishing websites disguised as Chase’s site.
Jill Scharr is a staff writer for Tom’s Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.