Hackers have made off with data belonging to 76 million households and 7 million small businesses in one of the biggest cyber attacks ever, as a JPMorgan Chase & Co. (JPM) servers were compromised over the duration of the summer. And the culprit? A simple employee password.
JP Morgan, the largest bank in the United States, made the full extent of the sprawling cyber attack known last night, but reassured clients that here's still no evidence account numbers and passwords were compromised, even as names and contact data were exposed. In addition, people who logged on to certain websites or mobile apps associated with the bank had their contact information stolen, according to the New York-based company.
While the company, it's only now that the full extent of the damage is becoming known to the general public. However, JP Morgan are adamant that customers are not in an excessive amount of danger.
"There's no evidence that account information - things like accounts numbers, passwords, log-in IDs - were accessed, viewed or acquired," said a JP Morgan spokesperson.
Chris Boyd, a malware intelligence analyst at Malwarebytes told ITProPortal "The data taken is a spammer's gold-mine and could be used over a long period of time to drip feed potential victims with phishing, cold calling or targeted Malware attacks via email."
"If any of the 76 million affected have had other data leaked in the past, it would be easy for those behind this attack to build up a robust picture of their targets and throw a little social engineering into the mix, making the emails seem less random and the phone calls more persuasive," he added.
"Anybody affected should be particularly cautious of emails claiming to be from JP Morgan over the coming months, and if in doubt should contact the sender directly to verify. That same caution would also apply to cold calling, letters and emails."
JP Morgan Chase has total assets worth $2.515 trillion (£1.99 trillion). It is a major provider of financial services, and according to Forbes magazine is the world's third largest public company based on a composite ranking.