Another potentially damaging data breach could impact millions of Americans after JPMorgan Chase, the largest U.S. bank, was breached in what appears to be a coordinated cyberattack against multiple banks.
There is no indication yet from Chase that personal financial information was stolen, but it’s troubling that, once again, consumers are the last to know about large-scale hacks that could affect their lives.
“Always monitor your accounts for transactions you don’t recognize,” a new statement on the Chase website reads, without mentioning the cyberattack. “Let us know right away if you see anything suspicious.”
Regular vigilance is always important for banking and credit card customers in the digital age.
“All of your Chase cards have our Zero Liability Protection,” the Chase statement says. “That means you’re not liable for unauthorized transactions you report to us.”
Despite a string of state laws passed over recent years requiring companies to notify the public of network data breaches, there is still a significant time gap between attacks and public notification.
Security experts that this gap amounts to vital lost time for consumers to protect themselves by monitoring transactions, changing passwords or alerting third-parties that may be affected – such as a credit card company.
‘It’s a Real Pain in the Neck’
“There have been so many breaches where companies have held information for so long that more disclosure would force companies to do a better job being accountable to consumers,” Ed Mierzwinski, Consumer Program Director at U.S. PIRG, told the Washington Post. “It’s a real pain in the neck to clear your name… You have to spend time — a lot of time — clearing your name. And you don’t get paid for that.”
The impact of the JPMorgan Chase breach is not completely known yet. It was Bloomberg News that first reported the breach Wednesday afternoon, confirming that the FBI was investigating the possibility that Russian hackers had orchestrated the attack. Reportedly the hackers were retaliating for U.S. sanctions against Russia for its actions in Ukraine. But authorities have not blamed anyone yet.
As for Chase customers, the bank posted a notice on its website: “The security of your Chase accounts is one of our highest priorities,” with general tips on how to protect personal banking security. But it did not mention the latest security breach at all.
A spokesperson told various media outlets that JPMorgan Chase will notify consumers if it finds that they have been affected by the breach. Chase declined to comment on when it first learned of the data breach, or offer any details on what happened.