A massive hack on JP Morgan has been termed a "spammer’s goldmine" after the contact information of 83 million customers was stolen.
Names, email addresses and phone numbers were taken in the attack, raising fears they may be used to in phishing, cold calling and malware attacks, even though account and social security numbers were said by the bank to be untouched.
Chris Boyd, malware intelligence analyst at security firm Malwarebytes, said: "The data taken is a spammer’s goldmine and could be used over a long period of time to drip feed potential victims with phishing, cold calling or targeted malware attacks via email.
"If any of the 76 million [households] affected have had other data leaked in the past, it would be easy for those behind this attack to build up a robust picture of their targets and throw a little social engineering into the mix, making the emails seem less random and the phone calls more persuasive."
He added that customers should be cautious when receiving emails claiming to be from the bank in the coming months.
JP Morgan said that it has yet to see any "unusual customer fraud" in connection to the hack, reminding its customers that they are not liable for unauthorised transactions on their account if they quickly alert the company.
Patricia Wexler, a spokeswoman for the firm, added that the bank would not be offering complimentary credit monitoring because it does not believe financially or personally identifiable data was taken.
Eduard Meelhuysen, vice president of EMEA at cloud security firm Netskope, speculated that a virtual private network may have been used in this and similar breaches.
"There are three simple, yet important, things that IT can do when enabling remote access to the corporate network – cloud or otherwise," he added. "Multi-factor authentication, robust audit logging, and anomaly detection."