JPMorgan, the nation's largest bank, disclosed Thursday in a Securities and Exchange Commission filing that user contact information, including names, addresses, phone numbers and email addresses, had been stolen from its computer systems. The theft affected 76 million consumer accounts and 7 million small businesses.
While no credit card or bank account numbers were taken, the stolen information still poses a serious threat to the people and businesses affected, experts say. Criminals can use the account data in various scams aimed at tricking people into divulging payment card numbers, banking information and usernames and passwords to online accounts.
The hackers could use the stolen data themselves or just as likely sell it on underground marketplaces. With the information in hand, criminals could craft email to appear to come from Chase and ask recipients to click on a link to change their online banking credentials.
"I strongly expect to see a large increase in phishing email campaigns related to Chase banking services," Joshua Roback, architect for security-as-a-service provider SilverSky, said.
People familiar with cybersecurity would know that a bank would never request a password. However, such swindles are effective against people who are less familiar with Internet security.