JPMorgan Chase was quick to reassure customers that their accounts were safe following a stunning data breach that affected 76 million households, two out of every three in this nation. An additional 7 million business customers were impacted.
The banking behemoth pointed out that only names, addresses, phone numbers and email addresses were taken — no account numbers, Social Security numbers, user IDs, passwords, or birth dates and “we have seen no unusual fraud activity related to this incident,” the bank noted.
If you’re still feeling uneasy, you may be asking the question, well, what can thieves do with that information? Unfortunately, the answer is plenty.
What this breach accomplished was to confirm that when you do business with JPMorgan Chase, each bit of information about you is a piece that completes your profile. Those holding your stolen data can:
1. Combine it with other information they already have.
2. Sell your information to other shady characters.
3. Use your information for spear phishing.
The FBI warns that spear phishing is sinister. Where phishing casts a wide net seeking information, spear phishing is targeted directly at you using accurate information, such as the fact that you do business with JPMorgan Chase.
The key for consumers is continued vigilance. Most of us will be cautious in the coming days and weeks — but what about months from now? On a Saturday or Sunday during the holiday season when you’re in a rush to clear your inbox and come across an email from “JP Morgan Chase” that tells you that someone is fraudulently using your credit or debit card? There’s a link to check your account. Will you remember to type the bank’s URL into the address bar or will you click the link?
Ron Keller works for a TV station in California. His work exposes him to news stories about major data breaches. While he’s relieved to be in the clear on this breach, his savings and loan recently sent him a new card because his old one was compromised in the Home Depot breach. But Keller didn’t contact his S&L; the institution proactively replaced the card on his behalf. Says Keller, “I pay attention, but I’m not worried.”
That attitude is exactly what Eva Valasquez recommends. Velasquez is President and CEO of the Identity Theft Resource Center. She told LifeLock, “We don’t want consumers to panic each time they hear about a data breach. React, but don’t panic.”
So what should you do right now to protect yourself? Velasquez recommends:
1. Check your credit report. Has a fraudulent account been opened in your name?
2. Change your passwords. Even though they were not stolen, Velasquez says all passwords should be changed regularly. If your password can be found in the dictionary, pick something tougher. Combine letters with numbers and symbols, and use upper and lower case.
3. Monitor your accounts. Make checking all activity a regular part of your routine.