Word has leaked that JPMorgan Chase and possibly four other banks have been hacked. Details are scarce at this point, but the FBI and other government agencies are involved in the investigation.
The hack allegedly took place earlier in August and hackers have siphoned off huge amounts of sensitive data from Chase, including checking and savings account information.
Even more concerning, sources say that the attack goes "far beyond the capabilities of ordinary hackers." Given the timing, some security experts are speculating it was the work of high-level Russian hackers.
According to an inside source, there has been no increase in fraud at JPMorgan Chase since the hack. However, it doesn't change the fact that if you're a Chase customer your most sensitive financial information may now be in the hands of criminals.
JPMorgan Chase, while taking the hack seriously, also had these less-than-comforting words:
“Companies of our size unfortunately experience cyberattacks nearly every day,” Patricia Wexler, a JPMorgan spokeswoman, said. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”
So, where does this leave you?
Without knowing the extent of the hack, or even all the banks involved, it's hard to make a final plan for staying safe.
Given how tough bank security is, the easiest thing for hackers to steal would be usernames and passwords. Immediately changing your bank password and security question would be a good step.
Chase's online accounts offer two-factor authentication, which makes it harder for unauthorized users to log into your account. If you've never turned it on this is a good time to do so. Learn how two-factor authentication keeps you safe on important websites.
You can also set up alerts for your account to be notified of large transactions and account activity, if there are changes to your ID and password, or your mailing address is updated. Learn more about account alerts here.
As always, keep an eye on your credit card and bank statements for unauthorized activity. Report anything you see immediately to your bank.
Scam alert: I can assure you that scammers are going to take advantage of this situation with phishing emails and even fake phone calls claiming to be from Chase and other banks. They'll try to tell you that your information is compromised and you need to click a link to change your password, download a file or tell the person on the phone your account information.
Don't be fooled! No bank will ever ask you to click a link in an email, download a file or call you on the phone. If you get an email, it will tell you to log in to your account to read more about the problem.
You should always visit the banking site manually and log in. That way you know you're dealing with the real site.
If you ever have a question about something you've received in an email or over the phone, call the bank using the information on your bank statement and talk to a representative.