Hacked off with JP Morgan Chase: Consumers need to be vigilant
Last night it was reported that telecoms operator AT&T had fallen victim to a serious data breach that left approximately 1,600 of its customers exposed. It might seem like a small number, but it’s the latest in a long line of serious data breaches that consumers need to worry about, and comes less than a week after JP Morgan Chase was hit by massive data theft affecting 76 million households.
JPMorgan Chase insisted the hackers were unable to get a hold of its customers most important data – their account numbers, passwords, social security details, birth dates and so on – but they did gain access to people’s names, addresses, phone numbers and email addresses, the kind of information commonly used to commit identity theft.
Even worse, in the JP Morgan Chase hack, the bank is refusing to say exactly how many customers were affected, nor does it seem there’s any way for individuals to find out if their data has been compromised. And as if that wasn’t enough, the hackers also reportedly gained access to a list of every application and program the bank uses to protect its servers, which means they could potentially hack the bank again by looking for security exploits in those systems.
The good news for those who might have been affected is they’re unlikely to wake up tomorrow and find their bank accounts emptied out, but experts warn they do face a significantly higher risk of identity theft now their personal information is out in the open. To hammer this point home, a recent Javelin survey found that a staggering 22.5 percent of consumers who received notice of a security breach, subsequently became victims of identity theft.
Consumers must stay vigilant
ConsumerReports.org offers some sensible advice in this blog post. The message is that consumers need to be on their guard against emails and phone calls from people claiming to represent JPMorgan Chase. If the hackers only have someone’s name, address, email and phone number, they can’t commit fraud – but what they can do is masquerade as JPMorgan Chase officials in an effort to trick people into handing over more compromising data, such as their mother’s maiden name, account username and password, date of birth, and Social Security number. None of this information should ever be given out over the phone or by email.
Aside from this, all consumers can really do is monitor their accounts for signs of fraud. If they do see anything amiss, they need to be report it immediately. Thankfully, JPMorgan Chase and other banks don’t customers liable so long as any theft is reported promptly, though being robbed can definitely be a very stressful experience.
Time to prioritize cybersecurity
What with so much money at stake, banks and other financial institutions actually do way more than other industries in terms of cybersecurity. Indeed, JPMorgan Chase is said to have installed some of the most advanced security systems available, so the fact it was hacked shows that no organization is completely safe, no matter what precautions they take.
Nevertheless, many organizations are looking to do more. Writing in SiliconANGLE, Karl Sigler of Trustwave reveals that 58 percent of IT professionals expect to be under more pressure to secure their organizations in 2014 than they were last year. To do so, Sigler recommends that IT teams reorganize themselves, placing a higher priority on cybersecurity and perhaps even making it a board-level issue.
In a recent blog post, Trend Micro claims that applications are one of the most common gateways for hackers, and suggests several processes organizations can implement to increase security measures including:
- Drive security mentality deep into their SDLC (Software Development Lifecycle) to ensure bugs and exploits are released at a minimum
- Incorporate vulnerability scanning into their IDE (Integrated Development Environments), as well as run vulnerability scans against development environments (development, test, quality assurance, user acceptance testing and production)
- Lastly, look at organizations and/or tools that have strong penetration testing platforms and processes to assist
Trend Micro also addresses what engineers can do to ensure security vulnerabilities are addressed early on. “It is also about securing the fabric of the experience and instilling confidence in your users,” said JD Sherry, Trend Micro vice president of technology and solutions. “Engineers have to be trained not only in their computer science degree programs about secure web application security, but continuously as new attack vectors evolve throughout their careers,”
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU