A new month, a new Privacy Monday.
JPMorgan Chase: Baiting the Hook for Phishers
Cybercrime researchers say that the 83 million customer records (76 million consumer and 7 million small business) swiped from JPMC could be the fuel for years of fraud. In its 10-K filing with the Securities and Exchange Commission, JPMC disclosed the nature and scope of the information. See here. Pay attention to the fact that hackers penetrated one of the world’s largest banks and stole nothing of apparent value: they did not steal a single account number, Social Security number or password. The information stolen includes enough about customers to generate “phishing” emails that could (and will likely) result in customers clicking on links to disclose account numbers and/or passwords to the bad guys. Because this information will be “packaged” and sold — and resold — on the dark web, it could be used and reused to launch phishing attacks for years.
State attorneys general in at least two states have launched investigations.
For more information: Business Insurance News (registration may be required)
Monday Takeaways: (1) Just because you do not have a bank account at Chase, it does not mean that you are not vulnerable. Many branded credit cards (such as JetBlue, Marriott, Ritz Carlton, etc.) are issued by JPMorgan Chase & Co. Your information will have been part of this hack.
(2) Don’t be a click monkey! You are your own best first line of defense. JPMC or any of its branded cards will never ask you to click on a link to change a password or access your account via email.