This summer, we learned that one of our country's largest financial institutions, JPMorgan Chase, was the victim of the biggest cyberattack in banking history. More than 80 million accounts were compromised - including checking and savings account information.
But it was worse: As many as four other financial corporations were targeted, including the payroll firm ADP, E-Trade and Citigroup. If any of these companies have any of your personal information, click here to learn the four steps you need to take right now.
Then even more ripples from this massive hack came to light. Because so much sensitive data was hijacked, JPMorgan Chase began warning of "spear phishing" attacks using the stolen data. It's not over yet: You're still at risk. Protect yourself from spear phishing.
That's it, though, right? It can't get any worse, could it? Sadly, it could, and it did. We've just now learned that this cyberattack went on much longer than anybody knew: two months at least.
A new report on the hack from the New York Times had this to say about the previously unreported length of the attack:
JPMorgan discovered the attack on the Corporate Challenge website on Aug. 7, and learned of the far broader breach of its own system about a week later. The attack on the bank’s network — which enabled the hackers to gain a high level of system privileges on more than 90 servers — began sometime in June and went undiscovered by JPMorgan for about two months, said another person briefed on the matter who spoke on condition of anonymity.
New York State's top financial regulator Benjamin M. Lawsky is now warning of serious consequences to our entire financial system - and our way of life - if these types of cyberattacks continue to get worse.
“It is abundantly clear that, in many respects,” Mr. Lawsky said in the letter, “a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.”
That means that no matter how good JPMorgan's security is, any company they partner with will provide new avenues for hackers to break in. In the end, you're going to have to take your security into your own hands. Click here to learn my five secrets to keep scammers out of your accounts.