If you’re one of the millions of people whose name and contact information fell into the hands of hackers who attacked JPMorgan Chase, prepare yourself: You may be targeted by attempts to pry out more critical information.
While the bank hasn’t detected any fraud and says all money is safe, the breach exposed the names, addresses, phone numbers and email addresses tied to 76 million households and 7 million small businesses. There was no sign of stolen account numbers, passwords, user identifications, birthdates or Social Security numbers, Chase says.
What you should do
Given this massive exposure of customer contact information, people affected should be on the lookout for spam emails, phone calls and text messages, says Avivah Litan, a vice president and distinguished analyst at Gartner Research, an information technology research company. Fraudsters may be looking to take advantage of you through techniques known as phishing.
“We’re already seeing a lot of these spam emails and texts and phone calls as a result of previous breaches, so this is just going to add to it,” Litan says. “All the data is being collected and sold on the black market, and different criminals buy it for different reasons.”
If you receive suspicious messages or calls, don’t give out credit card digits, Social Security numbers, or any other private information. Banks will never ask for this by email, so if someone does request it, you’re probably dealing with a fraudster.
Don’t trust, do verify
Consumers shouldn’t necessarily trust communications that explicitly mention the name of Chase or any other bank.
“I would envision that a lot of the phishing exploits would mention Chase specifically,” says Doug Johnson, a senior vice president at the American Bankers Association. “What the phisher is trying to do is send you something which you would have a reasonable expectation of opening up.”
Chase also warns consumers not to click on links or open attachments to fishy emails. To avoid being reeled into one of these traps by telephone, if you get a suspicious call from someone claiming to be from the bank, hang up, call the bank and ask to be connected, or visit a branch in person. Chances are the call was a phishing expedition.
Chase customers aren’t the only ones who should take precautions, Johnson says.
“This was a marketing database; it wasn’t a customer database,” he says of the Chase target the hackers breached. “So while a majority of the data will be of customers, there will be some non-customer data in there as well.”
“[People] can’t stop the theft of the data, but they can stop the use of the stolen data in terms of harming them,” Litan says.
Report suspicious activity
With this security breach – affecting the largest number of people of any known incursion to date – and recent attacks on Target, Michaels, Neiman Marcus and Home Depot, it’s obvious that successful hacks are becoming more common. Therefore, all consumers should check their credit and debit account statements regularly to look for unauthorized purchases. Report any suspicious activity to your card issuer, bank or credit union immediately to avoid potential liability; the sooner you speak up, the more likely you are to get your money back, Litan says.
Small business owners should take the same precautions and train their employees, including bookkeepers and treasurers, to be wary of potential scams, Litan says.
Additionally, you may want to place a fraud alert on your credit report, change passwords and consider identity theft protection services, the Consumer Bankers Association advised earlier this month. For more safety tips, check out this handy guide. With a little luck and some proactive steps now, you may avoid the pain that having your credit and bank accounts hacked can cause.