Consumers suffering data-breach fatigue have yet another reason to be vigilant—but now, it's not just your bank statements you'll need to scrutinize.
JPMorgan Chase said Thursday that a computer hack this summer compromised contact information for 76 million households and 7 million small businesses that had used the bank's online and mobile sites. Hackers captured names, email addresses, phone numbers and mailing addresses, the company wrote in a note to customers on Chase.com.
"There is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised during this attack," according to the note. The bank also said it has seen no fraudulent activity related to the breach.
In one sense, that's a relief for customers. "From what it looks like right now, nothing was taken that should have consumers concerned about [whether] someone has access to their bank account," said Geoff Webb, senior director of solution strategy for security management firm NetIQ.
But compromised contact information can still pose a danger to your finances. Hackers know where those affected consumers bank, and how to reach them. "People need to be much more wary of phishing attacks in particular," said Jason Malo, a research director with CEB TowerGroup.
Chase's announcement comes on the heels of a string of data breaches, including last month's Home Depot breach that affected some 56 million credit card numbers and the revelation in August that a Russian crime ring stole an estimated 1.2 billion username and password combos.
"Consumers are getting numb to this kind of news," said Linda Sherry, director of national priorities for advocacy group Consumer-Action.org. But that's the wrong reaction. "You protect yourself by responding in some way," she said.
Step One: Change your login information. Chase told customers it doesn't believe there's a need for them to change their usernames and passwords. But it can't hurt, especially if you've used that same login on other sites.
Step Two: Monitor your accounts. "We all need to remain watchful, especially if an institution has been breached," Sherry said. Again, there's no evidence of fraud tied to the breach, and Chase has said customers wouldn't be responsible for any such transactions.
But you'll be on your own to check—a bank spokeswoman told CNBC that credit monitoring would not be provided to customers because no financial information was compromised. Comb through monthly statements and sign up to get alerts on possibly fraudulent activity, Sherry said.
Step Three: Scrutinize bank communications. Consumers are used to receiving email missives from their banks and calls about possibly fraudulent transactions. Now, don't be quick to assume those are legit. With Chase customers' contact information, hackers may pose as the bank in phone calls or emails. "There's an opportunity there for phishing attacks that are more targeted," Malo said.
Don't respond directly to emails or click on links in them, or give out sensitive information to someone claiming to be from the bank who calls or texts you, Webb said. Instead, call the number on the back of your bank card or visit the bank website directly to check the authenticity of any communications and take action if needed.
This article originally appeared at CNBC.