Late Thursday, JPMorgan Chase, the nation’s largest bank, revealed that as many as seven million small businesses and 76 million households had their accounts potentially compromised in a cyberattack this summer. While the company had previously reported the attack, a filing with the Securities and Exchange Commission (SEC) revealed the severity of the attack.

From the the filing and information provided on Chase.com, this is what is currently known about the cyberattack and what the bank is recommending to its customers:

Who was affected?

Customers were affected if they used the following web or mobile services: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile.

What did the hackers get?

Customers’ contact information – name, address, phone number and email address.

What did the hackers NOT get?

Bank account numbers, passwords, user IDs, date of birth or Social Security numbers.

Were the hackers able to steal money from accounts?

No.

Is a customer liable for money if it turns out they are able to use the information to obtain funds from the customer’s account?

Customers are not liable for any unauthorized transaction on their account if they promptly alert us. The bank says it has not seen any unusual fraud activity related to this incident.

Should customers change your password?

“We don’t believe that’s necessary,” says the bank. “Passwords and user IDs were not compromised.”

Do customers need a new debit or credit card?

No credit card or debit card numbers were compromised. According to the bank, “Since we have seen no evidence of unusual fraud activity, we don’t think customers need to go through the inconvenience of having their cards reissued.”

Do customers need to get credit/identity theft monitoring?

As no financial or account data was compromised, the bank says it does not believe that is necessary

Has the bank stopped the attack?

Yes. The bank says it has identified and closed the known access paths and has no evidence that the attackers are still in our system.

What do small business customers need to worry about?

Phishing (fake email sent to customers that appears to be from the bank but that the cybercriminal hopes a customer will click-through and reveal sensitive data) is typically the biggest risk when contact information has been compromised. The bank encourages customers to be cautious of any communications that ask for personal information. Don’t click on links or download attachments in emails from unknown senders or other suspicious email. According to the bank, it never asks customers to enter personal information in an any email or text message.

Where to find more information

Chase.com’s Security Center has information and recommendations about security and privacy matters. The bank’s update was posted here.

While not related specifically to this cyberattack, SmallBusiness.com has several recommendations for securing your online accounts.

Illustration by SmallBusiness.com from a photo by
Michael Daddino via Flickr. (CC BY 2.0)

18
How Hackers Use ‘Social Engineering’ and How to Prevent It

Following the recent wave of celebrities having online accounts hacked, here is an explanation of “social engineering,” part of the method the cyber criminals likely used.

19
Ten Tips From the FCC for Improving Your Small Business Cyber Security

Ways to improve your small business cyber security from the U.S. Federal Communications Commission.

20
Password Protection Advice from SmallBusiness.com

Username and password protection is an ongoing requirement for small businesses. Here is a roundup of helpful advice on internet security and password management that has appeared recently on SmallBusiness.com

21
Ebay Asks 145 Million Users to Change Passwords

Ebay is asking its 145 million users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords “and other non-financial data.”

22
What is Two-Step Verification and Why You Should Start Using Them

It’s incredibly easy and fast to use a two-step verification method to protect your online accounts. Here’s how they work and why you should use them.

23
How (and Why) to Use a Password Management Application

A lock on your front door doesn’t do you any good if you keep the key under the mat, just like the best security on the web won’t protect you if you have the same bad password on every site you visit.

24
How to Reduce the Odds of Being Hacked While Using Public Wifi

Getting in a solid work session at the local coffee shop may be a tempting idea, but it has its risks. Like getting your personal information stolen because you were careless on a public network.