J. P. Morgan Hack Rumors, Facts and How to Mind Your Personal Banking Cybersecurity
The world of big money has been struck by another great hack – J. P. Morgan and four other major banks have been hacked apparently months ago, and they did not know it until a recent security check at J. P. Morgan.
Update: According to The Wall Street Journal, the FBI found no evidence the hackers were nearly as successful with the other banks as they were with J. P. Morgan. Confusion about the other banks appeared when other financial institutions started inquiring into the J. P. Morgan hack, which made the media assume these banks were hacked, too. This only adds further mess and difficulty into the investigation process.
What information has been leaked?
According to the undisclosed sources close to investigation, the large amounts of personal data on customers has been leaked within the past few months - account numbers, personal and financial information of account holders on a large scale. Whatever your bank knows about you is now known to some other third party with unidentified purpose. Some experts suggest the hack is similar to that of the last Christmas Target major leak - 'nothing serious.'
What are the hackers going to do with such huge loads of information?
It is unlikely a hack of such massive scale aims to use that user data with the purpose of identity theft. In fact, the FBI suggests that the level of sophistication required to perform something as brilliant as the hackers did to J. P. Morgan implies the involvement of serious organizations, or even governments.
Banks will spend even more money on security next year
In recent months, J.P. Morgan hired several security specialists with Defense Department experience, and cybersecurity has been a major headache and one of the most costly items on the bank's expense list. According to James Dimon, J.P. Morgan's chairman and chief executive, the bank will spend more than $250 million on cybersecurity this year, and have over 1.000 people working on the issue.
Who did it?
Even though the security specialists imply there might be some hostile governments involved in the hack, there is no official statement as to who (or why) hacked the major U.S. banks databases. Bloomberg spread the rumor about the Russians, and many media outlets caught it as if it were a confirmed fact - alas, source double-checking is currently an out-of-fashion trend for journalism. What the people close to investigation did say was that the style of the hack made some people suspect a link to the Russian or Eastern European organized crime, mainly due to the fact the targets were large financial institutions.
However, the investigation insiders cautioned it was too early to jump into conclusions.
How They Did It?
Hackers have supposedly breached one of J.P. Morgan's employee personal computer, and from there, gained access to the bank's network via a virtual private network employees use to access corporate networks from home, said a source close to investigation.
Your Personal Banking Cybersecurity Checklist
1. Remember that banks don't send their customers emails that require urgent password reset action, asking you to click on a link embedded in the email. This is phising, a kind of email scam designed to get your account credentials, and J. P. Morgan has an educational webpage dedicated to it. If you should receive one, mark it as spam and don't click on any links in it.
2. Beware of phone calls that allegedly come from your bank and request your account credentials by phone. If in doubt, ask for the caller's name, position and location and dial the official phone number of your bank office (not the one given to you by the caller), and inquire if a bank representative really needed to contact you. Banks do not ask sensitive information, including your Social Security number, address, your age, family members over the phone.
3. Check your monthly statement for suspicious activity - this is the bulletproof way to detect hack before it's too late. Make sure that each transaction on your statement was made by you, and if something looks suspicious, contact your bank immediately. Sometimes, hackers charge on hacked credit cards small amounts to make sure the transactions go through before they charge a lot and ditch the card.
4. Beware of numerous online services that require too many credentials. Take it as if you were approached by a stranger in a mall - would you have given him you credit card number?
5. I know tech giants say their stuff is safe, but online banking from a smartphone is even more susceptible to hacking than from a computer, mainly because banking and personal finance mobile apps are often targets of hacking. There were cases when iTunes or Google Play had online banking apps that were banks-branded, but came from hackers, and neither app markets, nor consumers suspected the apps were a fraud. Truth be told, smartphone-enabled shopping and banking is far from being secure now.
Sources: WSJ 1, WSJ 2, USA Today 1, USA Today 2, NY Times, Bloomberg, The Guardian.