NPR logo
JPMorgan Chase The Latest Big Target In Cyberattacks
  • Download
  • <iframe src="https://www.npr.org/player/embed/353538159/353538160" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
JPMorgan Chase The Latest Big Target In Cyberattacks

Business

JPMorgan Chase The Latest Big Target In Cyberattacks

JPMorgan Chase The Latest Big Target In Cyberattacks
  • Download
  • <iframe src="https://www.npr.org/player/embed/353538159/353538160" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

A summer cyberattack on the world's biggest bank was among the largest corporate hacks ever discovered. JPMorgan Chase revealed on Thursday that 76 million households were hit in the data breach.

RACHEL MARTIN, HOST:

The year of enormous data hacks continues. America's biggest bank, JPMorgan Chase, revealed yesterday that 76 million households were hit in a data breach this past summer. Before that, hackers broke into Home Depot, Target, eBay - the list goes on. So is this just the new normal? NPR's Elise Hu joins us now to talk about the latest in a string of hacks on financial systems. Hi, Elise.

ELISE HU, BYLINE: Hey there, Rachel.

MARTIN: Any more details about this particular breach?

HU: Chase isn't saying much. They're not saying how hackers managed to get such wide access. But Bloomberg is reporting that the original access point came by getting a password from an employee. This hack then went unnoticed from June until August until they disclosed it. And it's taken a couple of months for Chase to actually work out the details of the investigation - to know the scope.

The bank says hackers were able to get contact information like addresses and e-mails but not bank account logins. So it is saying your money is safe. What's puzzling about this is that even though the hackers reportedly did get into dozens of servers and obtained that highest level of admin privilege -

MARTIN: Yeah.

HU: They somehow weren't able to crack the account side of the servers.

MARTIN: So what does this mean for customers out there who hear this and are still really apprehensive? What else can they do to protect themselves?

HU: Well, because hackers have e-mail addresses, beware of any phishing e-mails. That means don't click on links from e-mail addresses you don't know or links inside messages that might look like they're from Chase or another trusted source but are slightly off.

Chase is saying you don't need to change your password or your bank account information. But there's plenty of us who've actually already done that lately because of the string of retail hacks.

MARTIN: Yeah. As you say, this is a string of hacks. It just seems to keep happening. Target's breach affected up to 110 million customers, Home Depot's affected 56 million cards. NPR has reported on the Neiman Marcus breach and the one at eBay. And now we're talking about the country's biggest bank. So do customers just have to get used to a certain level of risk?

HU: Even the head of JPMorgan Chase, James Dimon, admits a kind of resignation about these data hacks. He wrote to investors that while banks have shored up their security of course, the battle is (quote) "continual and likely never-ending."

MARTIN: But that means companies must be doing something to try to prevent these breaches from happening. What can they do?

HU: Certainly. They're shoring up their security by spending a lot of money. JPMorgan in particular has added plans to spend $250 million a year on digital security. And the hacks on retailers of course have really strengthened this movement to get on to more secure payment systems, like mobile payments. Apple Pay is going to be coming out October 20. That technology will let you pay for things by simply waving your iPhone near a cash register.

MARTIN: NPR's Elise Hu - she covers technology and culture. Thanks so much, Elise.

HU: You're welcome.

Copyright © 2014 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.