JP Morgan Chase hack – data relating to one third of US households stolen

Impetus

The personal data of 76 million retail customers + 7 million corporate accounts was stolen by hackers from America’s largest bank. The data includes names, addresses, telephone numbers and email addresses. While no account number or account transaction/balance data appears to have been stolen, the contact information is “beautiful” for targeted social engineering attacks on 76 million people. Using JP Morgan logos and corporate colo(u)rs on html emails and fake websites to get the idiots among them to “log in” and disclose more info to the hackers.

There is no excuse for this happening. JP Morgan have the financial resources to lock down their systems. More gross incompetence from an American company.

http://www.nzz.ch/wirtschaft/jp-morgan-beziffert-die-cyber-attacke-1.18396277

Impetus

To add insult to injury JP Morgan didn't tell customers about the breach for several months. It only leaked out because of an SEC filing. The US has no data protection authority. Most US banks are too stingy to use multi-factor authentication for consumers and small businesses. They are being dragged screaming into adopting the EMV payment card standard, but so far they typically only issue chip cards to Americans who travel extensively to "foreign" countries. No wonder the US is the capital of card and online fraud.

Bloomberg's summary of data breaches in the US by industry, size and cause:

http://www.bloomberg.com/infographics/2014-08-21/top-data-breaches.html