A number of U.S. banks, including JPMorgan Chase & Co., were hit earlier this month by cyberattacks, according to published reports.
"We are working with the United States Secret Service to determine the scope of recently reported cyberattacks against several American financial institutions," the FBI said in a statement to Bankrate and other media outlets. "Combating cyberthreats and criminals remains a top priority for the United States government, and we are constantly working with American companies to fight cyberattacks."
© Tim Clayton/TIM CLAYTON/Corbis
So what happened? Bloomberg News, which first reported the attack, says Russian hackers attacked U.S. financial institutions, stealing "gigabytes of data" that included "sensitive data from the files of bank employees, including executives."
Other reports say security experts have not concluded the attack were made by Russians. The New York Times says the data stolen in "sophisticated cyberattack" includes checking account and savings account information.
"It's a bit too early to tell what exactly is going on," says Julie Conroy, a research director with Aite Group which monitors banking and fraud. She says early reports of the attack "point to a level of sophistication typically associated with nation-state involvement," and that early indications are that this is not an attack motivated by simply stealing consumer data to sell on the black market.
Security is difficult as attacks become increasingly sophisticated
Conroy says that Chase, which is listed in the reports as a victim in the attack, has one of the more sophisticated security systems. "But the cybercriminals behind the attacks face little in the way of consequences and are continually ramping up the sophistication of their attacks," she says.
"This is a prime example of how difficult it is to be in charge of info-security for a bank of any size, when you're tasked with warding off thousands of attacks from not only criminals bent on financial gain, but also nation-states looking for trade secrets and hacktivists with a political agenda," Conroy says.
Neal O'Farrell, chief executive of Privide Inc., a company specializing in protecting high net-worth consumers, says this attack is another example of why companies should stay on top of the latest security measures.
"No matter how smart we think we are, we're being outgunned every day by cybercrooks, some of them as young as 17," he says. "That's pretty sobering."
Chase spokeswoman Patricia Wexler said that "companies of our size unfortunately experience cyberattacks nearly every day. "We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."
Chase says it has not seen any unusual fraud activity at this time. It says it will contact anyone who may have been affected by the cyberattack as it learns more and urges customers to -- as always -- contact the bank if they see suspicious activity on their accounts.
What consumers can do
The news about this latest cyberattack is still coming out, so consumers should watch for updates and pay attention to any messages from their banks.
In the meantime, consumers should use this news to their advantage to remember to always be vigilant about their checking accounts and savings accounts in case of an attack. Set up alerts, monitor online billing statements and accounts for suspicious charges, and be sure to notify the bank or card issuer immediately if something doesn't look right.
"If consumer data was implicated -- and that appears to still be an 'if', a consumer's best bet is to monitor his or her online banking statements and quickly report any unusual activity," Conroy says. "Consumers should be making this a regular practice regardless, because they are far more likely to see their cards compromised in the merchant breaches that are now making a weekly appearance in the headlines."
For more, see Bankrate's recent report about a possible Goodwill data breach.
Follow me on twitter: @allisonsross.