JPMorgan Chase disclosed Thursday that a cyberattack over the summer compromised the accounts of 76 million households and 7 million small businesses, far more than originally estimated.
The hacking ranks among the biggest of all-time impacting a corporation and serves as a stark reminder of how companies are being outwitted by people intent of stealing their client information.
JPMorgan said in a regulatory filing on Thursday that the widespread data breach affected customers who used the bank’s Chase.com and JPMorganOnline websites, as well as the Chase and J.P. Morgan mobile apps. While the breach may have compromised users’ contact information – such as names, address, phone number, e-mail, etc. – the bank says “there is no evidence” that customers’ financial information was stolen.
That would mean that customers’ account numbers and passwords, as well as their Social Security numbers, were not compromised in the breach. JPMorgan, the largest U.S. bank by assets, emphasized that it has yet “to have seen any unusual customer fraud related to this incident,” and the firm noted that customers are not liable for unauthorized transactions on their accounts so long as they notify JPMorgan promptly.
The bank says it continues to investigate the matter and is cooperating with government authorities in their ongoing investigations into the breach. The Federal Bureau of Investigation and various security firms focused on digital forensics are also investigating the attacks.
News of the JPMorgan hacking, and that of several other banks, was first revealed in August. Thursday’s filing by JP Morgan shows that it was far larger than originally estimated.
The banking giant’s stock fell 0.2% in after-hours trading after having dropped 0.9% during the day. JPMorgan’s shares (JPM) have lost 1.3% of their value since the end of August, when the attacks were first announced.