Due to a cyberattack on JPMorgan Chase, the personal information of 76 million households has been stolen. According to the bank itself, names, addresses, phone numbers, and e-mail addresses were compromised, but there is no evidence that account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised.
Even if your password was stolen, the damage done with that password will likely be limited to what anyone with access to only the bank’s services and information can do as long as you use a different password for every site. You could simply change your password, and none of your other online services would be directly affected because that password would be useless everywhere else. The bank says they don’t believe you have to change your password or account information, but it probably wouldn’t hurt to do so in case they are wrong. But let’s hope that no information in the latter group was stolen. If your Social Security number was stolen, for example, you have a lot more to worry about than the security of your computer.
If only names, addresses, phone numbers, and e-mail addresses were compromised, the article points out that these four pieces of information can be combined with publicly available sources of information such as census information and information found on social media. The article did not specifically mention that identity thieves may also use birth records, which are also widely available online. Having your name and date of birth could allow identity thieves to social engineer more information from other institutions you may be a customer of.
Social media is a factor that you do have some control over. If you have an account on a social network, make your profile invisible to the public and to search engines if you have the option. On Facebook, for example, you have the option of not allowing your profile to be found by search engines.
More importantly, do not post any sensitive information in your profile. If this breach isn’t enough incentive for you to stop posting sensitive information on social networks, consider the fact that burglars use information from networks like Facebook and Twitter to find potential targets. Even if your privacy settings are airtight, one of your “friends” could be the burglar. In 2010, a woman’s home was robbed by someone she had recently friended on Facebook.
The article does correctly point out that spear-phishing attacks are a possibility. If someone has your real name, phone number, and home address, a phishing e-mail pretending to be from the bank may look more convincing; you might not be as worried about disclosing your personal information if you believe the e-mail really is from the bank. As I pointed out in an earlier post, the more information spear-phishers have about their target, the easier it is to make their message appear genuine. In that post, I gave 8 tips on how to protect yourself against spear-phishing. If you may have been affected by this bank breach, it may be a good time to review those tips again now.