Sign in with
Sign up | Sign in

Hackers Hit US Banks: What You Need to Know

By - Source: Tom's Guide US | B 6 comments
Tags :

Credit: JPMorgan ChaseCredit: JPMorgan Chase

The internal computer networks of JPMorgan Chase Bank and up to four other major American banks were hit by an enormous cyberattack earlier this month, according to reports. The intruders' haul appear to have been not money, but gigabytes of data pertaining to client accounts and bank personnel.

The FBI, United States Secret Service and National Security Agency are all investigating, reports Bloomberg News, which broke the story yesterday (Aug. 27). One hypothesis is that the attackers were working on behalf of the Russian government, but no evidence has been publicly presented to support that contention.

MORE: 7 Scariest Security Threats Headed Your Way: Special Report

"We are working with the United States Secret Service to determine the scope of recently reported cyberattacks against several American financial institutions," an FBI spokesman told multiple publications.

It's not yet known exactly what kind of information was stolen, but at time of posting, it appears that none of it has been misused for fraud or theft. That doesn't mean the average bank client can rest easily. If you're a Chase customer, read on to see what you can do to minimize risk and protect your money.

The stolen data affects both clients and employees of the targeted banks, including bank executives, a source close to the investigation told Bloomberg News.

A source told The New York Times that checking- and savings-account information was taken. It's not clear whether that would affect ATM cards, bank-issued credit or debit cards or online-banking login credentials. 

The absence of normal criminal activity following the data theft has led to speculation that the attack was politically motivated, perhaps in retaliation for the U.S. and European Union sanctions imposed earlier this summer on Russian trade and Russian government officials as a result of Moscow's involvement in the Ukrainian civil conflict. Cybercriminals have not been ruled out.

The culprits appear to have been highly skilled and possibly well-financed, using a zero-day flaw in one bank's website to penetrate the bank's internal network, reported Bloomberg News. (The Wall Street Journal reported that a network breach was instead achieved through a bank employee's personal computer.)

A zero-day flaw is a software vulnerability unknown to the "good guys" before the "bad guys" exploit it in an attack.

If you are a Chase banking customer, or if you believe your bank may have been one of the unnamed other banks, you should make adjustments to your online banking account, if you have set one.

First, change the account's [password, and the username if possible. Next, if the bank offers it, set up two-factor verification on your account; even if an attacker learns your password, he won't be able to access your account without entering the second credential, which is often a temporary six-digit number texted to the account owner's cellphone.

For at least the next few weeks, you'll also have to closely monitor your financial information and account activity for any signs of fraud or theft. Contact your bank immediately if you see any signs of suspicious activity.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Discuss
Add a comment
Ask a Category Expert
React To This Article

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

  • 9 Hide
    ubercake , August 28, 2014 10:56 AM
    What does it mean "if you believe your bank may have been one of the unnamed other banks"?

    Are banks not held accountable for reporting breaches to their customers in the U.S.?
  • 0 Hide
    velocityg4 , August 28, 2014 8:26 PM
    I wonder if part of these attacks is because these banks still insist on using XP? This is just getting ridiculous all these breaches.
  • -5 Hide
    SuckRaven , August 28, 2014 8:37 PM
    In otherwords the US hacked its own banks to extort its own people, but we will conveniently throw the blame on the ruskies, to direct public anger at them instead of our own assinine gub'mint, so that WHEN our own assinine gub'mint decides to go toe to toe with the ruskies, there will be public support, and not outrage. That's politics for you... screw your own people AND turn it to your foreign policy / war mongering advantage. Almost Romulan in its cunning.
  • Add your comment Display all 6 comments.
  • 2 Hide
    Christopher1 , August 29, 2014 2:33 AM
    Actually, we should not have to do jack here. There are consumer protection laws that make it so that ANY fraudulent charges on credit cards, the consumer cannot be held responsible for. This is all on the banks, where it should be.
  • 0 Hide
    Abricalio , August 29, 2014 7:00 AM
    Quote:
    Actually, we should not have to do jack here. There are consumer protection laws that make it so that ANY fraudulent charges on credit cards, the consumer cannot be held responsible for. This is all on the banks, where it should be.


    Right.... unless there is a major series of fraudulence using a vast amount of that data.... then I have 3 words for you, 2008 bank bailouts.
  • 0 Hide
    Christopher1 , August 29, 2014 11:03 AM
    Quote:
    Quote:
    Actually, we should not have to do jack here. There are consumer protection laws that make it so that ANY fraudulent charges on credit cards, the consumer cannot be held responsible for. This is all on the banks, where it should be.


    Right.... unless there is a major series of fraudulence using a vast amount of that data.... then I have 3 words for you, 2008 bank bailouts.


    I have some words for you: LET THEM FAIL! These idiots have been extremely lax on security issues for a long time now. There are numerous things that they could do (such as being skeptical of purchases made out of a person's known home state/country and being skeptical when a person is applying for a new credit card from a different address than the big 3 credit companies have on record) that would basically prevent 90% of the fraud.
React To This Article

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter