After reports of a massive cyber attack on its database erupted in August, it was then unknown how broad the scope of the breach was. Now the banking firm bared more info in an 8-K filing with the U.S. Securities and Exchange Commission that the attack has affected approximately 83 million users, including more than 76 million households and 7 million small enterprises.
And that does not even end there. The attack, according to fresh reports, has also affected other financial institutions. The culprit: the same group of attackers that hit JPMorgan, who are believed to be coming from Russia.
Still according to the 8-K filing with the U.S. SEC, the attack has also put at risk the data of JPMorgan Chase’s internal operations that the company uses to deliver services to clients such as those who are using the Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile services, although the company refused to disclose further detail on the hack.
It is believed that the data breach had taken place between June and August. Fortunately for credit card owners, JPMorgan clarified that the attack did not cover account numbers, passwords, Social Security numbers and other card information. The company went on to try to comfort, at the very least, users by telling them in a statement that they did not need to get new cards as JPMorgan believes it is beyond doubt that no card details were leaked.
But the financial institution, one of the largest in the United States, might be missing some facts here. Although the attack failed to compromise credit card or social security numbers or any other sensitive information, attackers can still make do with other data they have stolen such as names and email addresses by launching a massive phishing campaign or spying on the victims.
So if you are one of the unfortunate JPMorgan clients whose data, though not as sensitive as it goes, might have been stolen, you should take extra cautions when opening an email from an unknown source or even from a trusted sender, because that sender might only be pretending to be legitimate when in fact the email contains malicious links or malware attachments.
Especially if it comes from an unidentified sender, never open a link from the email as it may lead to a phishing page that will steal your credit card data, password and username. JPMorgan has also sent a similar warning to its clients. The bank is now working with the Federal Bureau of Investigation and the Secret Service to further probe the attacks.