written by Chad F Walter
24%+++, that’s the magic number.
The hits just keep on getting bigger.
According to JP Morgan Chase & Co.’s report filed with the U.S. Securities and Exchange Commission yesterday(https://www.documentcloud.org/documents/1308629-jpmorgan-on-cyberattack.html), almost 1/4 of the total United States population (323.2 million) was affected by a breach that happened between June and July of 2014. For the record, the estimated 76 million people is very conservative given that it doesn’t account for the 7 million businesses affected nor the possible downstream effect on their customers. All things considered, this single data breach could become the largest to date, and given the data (beyond customer records) housed by JP Morgan Chase & Co., we may never fully understand the total impact.
In all fairness to JP Morgan Chase & Co., said report with the Security and Exchange Commission does state that there doesn’t appear to be any customer account information compromised. And that, as of now, there doesn’t appear to be any related fraud activity.
Well, guess what?
That’s just pure spin!
Hackers did access names, phone numbers, home/mailing addresses, email address and “internal JP Morgan Chase information relating to such users”. I know many consumers don’t realize it, but that information is far more valuable than the actual account information, for these two reasons:
- Account information can be changed or locked down immediately rendering it close to worthless. Yes, inconvenient and marginally costly for both consumer and JP Morgan Chase, but (other than making a statement) mostly worthless to the hacker.
- SOCIAL ENGINEERING. Hackers have, in their possession, sufficient data to contact the consumers (aka real targets) in attempts to obtain whatever other information they want. For instance, a hacker could falsely identify themselves as a JP Morgan Chase representative, following-up on the breach incident. Most consumers will give them whatever they ask for simply because they think they’re doing the right thing.
The social engineering aspect can’t be stopped. No one’s about to move and very few people will even change their telephone numbers let alone email addresses. Let’s not forget that, by this juncture, hackers may have probably already sold this information to countless numbers of list services. And, in the sales and marketing world, the information they’ve gathered is GOLD!!!
Of course, there’s been no report of fraud. It’s almost impossible to trace the fraud back to the source of the data stolen. Even if the hackers are (eventually) caught, the information is already out there and in circulation, thanks to today’s internet world and the speed in which it moves.
My recommendation to JP Morgan Chase customers is this – should you receive a call or an email, or a home visit from anyone trying to sell you something, gather survey information or verify contact information – DO NOT RESPOND! DO NOT give them anything!
Even verifying your name will be giving away far too much.
I don’t mean to pick on JP Morgan Chase. You could have inserted any number of companies in their spot – Home Depot, eBay, Adobe, Facebook, the list goes on. The cold hard fact is that cyber crime is going to happen, but we shouldn’t be unprepared and accept it nonchalantly. As consumers, we need to start asking the hard questions before we trust anyone gathering our information. Anyone can do a simple search on any search engine. Before you hand over your credit card or personal information, open the internet and type in “Company Name breach,” hit enter and go through the results of your search.
If they’ve recently been breached, I suggest that you take that into serious consideration before deciding if you wish to conduct business with them. It’s not a definitive way to assure that you won’t be breached, but information is power, and it can affect positive results.