What Small Business Customers Should Know and Do About the JPMorgan Chase Cyberattack

This post is part of the series, SmallBusiness.com Guide to Business Computer and Tech Security: Advice, alerts and information about digital security threats faced by small businesses. You can browse other posts in the series below.

  1. Lynda.com Alerts 9.1 Million Users After 55,000 Accounts Are Breached | December 2016

  2. What Does HTTPS Mean? And Why a Small Business Website Needs the ‘S’

  3. Yahoo Security Breach is Another Reminder of Why Password Protection is Critical to Your Business

  4. Homeland Security Tips for Choosing Harder to Hack Passwords

  5. Passwords Are Stolen Everyday; How to Protect Yours From Being One of Them

  6. How to Recognize and Avoid an Attempt to Crack Your Two-Step Verification Passwords

  7. How Voice Recognition Software is Being Used to Detect Cyber Criminals

  8. How to Avoid a New Cyber Attack Attempting to Access Small Business Bank  Funds

  9. Seven Resolutions for 2016 That Will Help Protect Your Small Business Computers

  10. Top Ten Free Antivirus Utilities For Your Small Business | 2016

  11. Most Small Businesses Have No Cyber Attack Response Plan

  12. If Your Business Bank Account Gets Hacked, Your Bank May Blame You

  13. Why You Should Still Use a Password Management System, Even if You Heard One Was ‘Hacked’

  14. Advice From Google on Avoiding Scams Directed at Small Businesses

  15. More Tips for Actively Managing Your Passwords

  16. What Small Business Customers Should Know and Do About the JPMorgan Chase Cyberattack

  17. How Hackers Use ‘Social Engineering’ and How to Prevent It

  18. Ten Tips From the FCC for Improving Your Small Business Cyber Security

  19. Password Protection Advice from SmallBusiness.com

  20. Ebay Asks 145 Million Users to Change Passwords

  21. What is Two-Step Verification and Why You Should Start Using Them

  22. How (and Why) to Use a Password Management Application

  23. How to Reduce the Odds of Being Hacked While Using Public Wifi

Late Thursday, JPMorgan Chase, the nation’s largest bank, revealed that as many as seven million small businesses and 76 million households had their accounts potentially compromised in a cyberattack this summer. While the company had previously reported the attack, a filing with the Securities and Exchange Commission (SEC) revealed the severity of the attack.

From the the filing and information provided on Chase.com, this is what is currently known about the cyberattack and what the bank is recommending to its customers:

Who was affected?

Customers were affected if they used the following web or mobile services: Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile.

What did the hackers get?

Customers’ contact information – name, address, phone number and email address.

What did the hackers NOT get?

Bank account numbers, passwords, user IDs, date of birth or Social Security numbers.

Were the hackers able to steal money from accounts?

No.

Is a customer liable for money if it turns out they are able to use the information to obtain funds from the customer’s account?

Customers are not liable for any unauthorized transaction on their account if they promptly alert us. The bank says it has not seen any unusual fraud activity related to this incident.

Should customers change your password?

“We don’t believe that’s necessary,” says the bank. “Passwords and user IDs were not compromised.”

Do customers need a new debit or credit card?

No credit card or debit card numbers were compromised. According to the bank, “Since we have seen no evidence of unusual fraud activity, we don’t think customers need to go through the inconvenience of having their cards reissued.”

Do customers need to get credit/identity theft monitoring?

As no financial or account data was compromised, the bank says it does not believe that is necessary

Has the bank stopped the attack?

Yes. The bank says it has identified and closed the known access paths and has no evidence that the attackers are still in our system.

What do small business customers need to worry about?

Phishing (fake email sent to customers that appears to be from the bank but that the cybercriminal hopes a customer will click-through and reveal sensitive data) is typically the biggest risk when contact information has been compromised. The bank encourages customers to be cautious of any communications that ask for personal information. Don’t click on links or download attachments in emails from unknown senders or other suspicious email. According to the bank, it never asks customers to enter personal information in an any email or text message.

Where to find more information

Chase.com’s Security Center has information and recommendations about security and privacy matters. The bank’s update was posted here.

While not related specifically to this cyberattack, SmallBusiness.com has several recommendations for securing your online accounts.

Illustration by SmallBusiness.com from a photo by
Michael Daddino via Flickr. (CC BY 2.0)