On Thursday, JP Morgan Chase, one of the leading banks in the United States, released a report admitting that the hacking of its computer system, which began in June and was discovered in July, had a much larger impact than the bank originally speculated.
The invasion, which The Guardian is referring to as the “largest of its kind ever discovered,” affected the accounts of 76 million households and seven million small businesses.
In a regulatory securities filing from the bank, it claimed that, “As of such date, the firm continues not to have seen any unusual customer fraud related to this incident.”
The bank maintained that while the names, addresses, phone numbers, and email addresses of account holders had been seized by hackers, no financial information, social security numbers, birth dates, or passwords had been compromised.
Bloomberg reported that hackers also obtained internal data from JP Morgan customers, which identified them by the type of category they were in, such as “private-bank, mortgage, auto or credit-card divisions.”
According to the New York Times, the hackers “appeared to have obtained a list of the applications and programs that run on JP Morgan’s computers,” and they used that list to “crosscheck with known vulnerabilities in each program and web application, in search of an entry point back into the bank’s systems.”
The Guardian reported that JP Morgan is “working with the Federal Bureau of Investigation and the US secret service to determine the roots of the attack.”
“Reality is dawning among regular corporations that you can’t keep these guys out,” said security expert, Brian Krebs. “The most you can do is stop the bleeding. It’s not clear yet how well that worked here. A month is a long time.”
While the 76 million households affected stands as the largest number in the financial realm, it goes on record with the 110 million personal records taken when Target’s system was hacked last year, and the 145 million who were affected when EBay was hacked earlier their year, according to Bloomberg.
In a memo sent to JP Morgan employees, Chief Operating Officer, Matt Zames, wrote that the breach was “highly unfortunate,” and that employees should use it as a reminded that they must be “increasingly vigilant in the cyber world.”
