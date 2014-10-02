(Adds comments from security experts)
Oct 2 Names, addresses, phone numbers and email
addresses of the holders of some 83 million households and small
business accounts were exposed when computer systems at JPMorgan
Chase & Co were recently compromised by hackers, making
it one of the biggest data breaches in history.
The bank revealed the scope of the previously disclosed
breach on Thursday, saying that there was no evidence that
account numbers, passwords, user IDs, birth dates or Social
Security numbers had been stolen.
It added that it has not seen "unusual customer fraud"
related to the attack which exposed contact information for 76
million households and 7 million small businesses.
The people affected are mostly account holders, but may also
include former account holders and others who entered their
contact information at the bank's online and mobile sites,
according to a bank spokeswoman.
Security experts outside of the bank warned that the breach
could result in an increase in crime as scammers will likely
attempt to use the stolen information to engage in various types
of fraud.
The bank's customers should be on heightened alert for
fraud, said Mark Rasch, a former federal cyber crimes
prosecutor.
"All of this data is useful to hackers and identity
thieves," he said. "The kind of information that was stolen is
not sensitive itself, but is frequently used to validate
people's identities."
Tal Klein, vice president with the cybersecurity firm
Adallom, said that the breach could undermine confidence in the
security of banks and other companies that people assume are
well protected from hackers.
"Criminals could literally take on the identities of these
83 million businesses and people. That's the biggest concern,"
he said.
"Until now the assumption has been that the companies that
get breached are the ones that have poor security practices, but
we know that JPMorgan had a good security program and that they
invest heavily in this area," he said. "So what we are waking up
to is that the fundamental nature of security is broken."
Still, JPMorgan advised customers on its website that it
does not believe they need to change their passwords or account
information.
Company spokeswoman Patricia Wexler said that the bank is
not offering credit monitoring to its customers because no
financial information, account data or personally identifiable
information was compromised.
At the end of August, JPMorgan said it was working with U.S.
law enforcement authorities to investigate a possible cyber
attack. As with home break-ins, it can take
victims of data attacks months to discover what, if anything, is
missing.
(Reporting by Tanya Agrawal in Bangalore, David Henry in New
York and Jim Finkle in Boston.; Editing by Ted Kerr and Bernard
Orr)