Chase Data Breach Hit 76M Households, 7M Businesses; Account Info Not Stolen

Remember that coordinated hack attack against JPMorgan Chase and other banks from August? Chase now says information — but apparently no payment data — on some 76 million households and 7 million small businesses was compromised.

The bank announced late this afternoon that hackers were able to obtain names, addresses, phone numbers and email addresses of Chase’s websites (Chase.com, JPMorganOline.com) and its ChaseMobile and JPMorgan Mobile smartphone apps.

Chase claims that account information was not accessed, nor was particularly sensitive personal data like Social Security numbers, passwords, or dates of birth. According to the megabank, it has not identified any unusual fraud stemming from the attack.

Though of course, with massive data breaches seemingly occurring on a weekly basis, it might be hard to tell.

Chase has posted an FAQ for customers on Chase.com, advising them that they don’t need get new cards or change passwords (though, honestly, it never hurts to change your password on a regular basis).

The Wall Street Journal points out that while one couldn’t create a fake identity or steal someone’s cash with the information taken in the JPMorgan hack, a clever ID thief could use that info to send lookalike phishing e-mails to Chase customers with bogus password-reset links. If a person clicks that link and enters their actual Chase login info, the thief then has everything needed to access a Chase.com account, where havoc could be reached.

While phishing attempts are constant, the Journal says there were reports of a possible increase in these types of fake e-mails this past summer.