US bank, JPMorgan Chase has acknowledged that 76 million current accounts and 7 million small business accounts were affected by a hacker attack last August.
The bank presented an official report to the Securities and Exchange Commission (SEC), specifying the type of data that had been compromised in the attack on the Web and mobile apps of JPMorgan Chase.
Data obtained by the cyber-criminals included customers’ names, addresses, phone numbers and email addresses, as well as internal company data. There is still no evidence that this data theft has compromised account numbers, passwords, ID numbers, dates of birth or social security numbers.
Cyber-attack on JP Morgan Chase
JPMorgan Chase was one of five US organizations to suffer an attack, the real purpose of which is still under investigation.
The FBI have been trying to determine the origin since August and determine whether the motive is purely financial or if it is part of an international espionage operation.
The bank has also asked customers to come forward if they are aware of any irregular transactions, though for the moment, they have no evidence of any fraud related with this data theft.
*** Update
Luis Corrons, technical Director of PandaLabs, has drawn similarities between this attack and the one suffered by Orange some months ago. In neither case were passwords stolen, which is typically the prime target of cyber-criminals, probably because this data is stored on systems with greater security.
Nevertheless, Luis Corrons has also pointed out that companies are attacked every day around the world and a small percentage of these attacks are successful. This should serve to remind businesses that they need to improve defenses against cyber-attacks and ensure they have the best business antivirus.