By Alex Fitzpatrick
October 3, 2014

JPMorgan Chase said late Thursday that a cyberattack against the bank exposed personal data from 76 million households. Sounds pretty bad for the bank’s customers, right? Well, it is — and it’s awful for the company — but it could’ve been a lot worse.

According to JPMorgan, the hackers responsible for the heist made off with only customers’ names, addresses, phone numbers and email addresses. That’s a lot of personal data — but it isn’t on the same “uh-oh” level as credit card numbers, bank account numbers or passwords, as it’s all pretty easily found online anyway, no hacking required.

However, there’s still a threat here — albeit one that existed beforehand, too. The information the hacker(s) managed to grab can be used to get that other highly sensitive data and, potentially, access to your accounts. How? It’s a process called “social engineering,” which I promise has a lot less to do with Nazis than it sounds. Through social engineering, hackers use easy-to-get data about you, like a name, a phone number and maybe the name of the obedience school your maternal great-grandmother took her second dog to, to work their way through the security verification questions on your bank or other accounts while posing as you. If they do a good enough job, the security folks think that yeah, that’s you, and the hackers can get access to your accounts. Scary stuff!

But if you’re worried about the JPMorgan Chase hack and how it might affect you, here are some practical tips:

1. Change your passwords. You should be doing this regularly even without massive hacks happening.

2. Closely monitor your bank and credit card statements and credit score. Immediately report any irregularities to your bank or other relevant company.

3. You can try locking down your credit score, but this can be expensive and it has drawbacks.

4. Here’s a favorite tip of mine: Memorize and use fake answers to those terrible security authentication questions. Anybody can figure out your mother’s maiden name with some simple Google searching, but it’s much harder to figure out the name you told your bank was actually “Jingleheimer-Smith-Hamburger” rather than “Johnson.”

5. Don’t click any suspicious links in any suspicious emails. Always good advice.

6. Finally, wherever available, turn on Two-Step Authentication. This turns your mobile phone into a sort of secondary password that you carry with you at all times, far away from any nefarious hackers.

Write to Alex Fitzpatrick at alex.fitzpatrick@time.com.
