Another catastrophic leak was made public today, as JP Morgan Chase, owner of the largest US bank Chase, revealed it had been hacked on a massive scale, compromising the personal information of 76 million US households and 7 million small businesses.
Revealed in an SEC filing, the bank tried to calm fears by saying that it doesn't believe account data or financial information was taken, and also that it has not seen unusual activity.
But the hack is typically only the start of a crime syndicate's activities. The New York Times reports that the hackers got root level access to 90 servers and also accessed schematics of the applications and software that run on standard Chase workstations: essentially a map of the company's IT infrastructure.
This gives the cyber-criminals great potential to run malware on Chase systems, attack further in the future, and strike again at will to try to gain access to financial information as well as personal information.
The attack disclosed today is more evidence of an epidemic of data leaks and insecurity. In previous years, data leaks of 10 million or more people were rare, happening once or not at all. This year we have seen Target, Home Depot and JP Morgan Chase hacked on an epic scale.
Consumers should carefully check their statements for fraudulent charges, as there is now a higher chance of identity theft and fraudulent transactions. Consider signing up for fraud monitoring services like BillGuard.
Merchants need to be much more careful about transactions, now that almost any seemingly genuine customer could be someone whose credit card data was stolen, and purchased by a fraudster on the internet.