JPMorgan Chase — the largest bank in the U.S. — announced Thursday that 76 million households and 7 million small businesses could have had their private information exposed in a recent cyberattack.
“User contact information — name, address, phone number and email address — and internal JPMorgan Chase information relating to such users have been compromised,” the bank revealed in a Thursday filing with the Securities and Exchange Commission, Business Insider reports.
“However, there is no evidence that account information for such affected customers — account numbers, passwords, user IDs, dates of birth or Social Security numbers — was compromised during this attack.”
Agencies including the FBI and NSA have been investigating a successful hack against the bank since August, when investigators believe a Russian-based hacking network exploited a vulnerability on a bank website and broke through multiple layers of complex security to steal gigs of sensitive data. (RELATED: FBI, NSA Investigating Whether Russia Hacked U.S. Banks To Retaliate Against Economic Sanctions)
Sources familiar with the probe told Bloomberg in August that data seized from bank employees — including executives — may have included customer data.
A spokesperson for JPMorgan denied a New York Times report alleging the bank had been hacked twice in the last three months, and the Thursday SEC filing states the reported breach is in regard to a previously disclosed cyberattack — implying that the Russian-based attack and the breach reported Thursday are one and the same.
JPMorgan is on high alert for unusual activity but reports it has yet to encounter any unusual fraud that could be linked to the hack.
“How would you shake the United States back? Attack a bank in cyberspace,” former NSA Director Gen. Keith Alexander said last month. “If it was them, they just sent a real message: ‘You’re vulnerable.’” (RELATED: Ex-NSA Chief Keith Alexander Says JPMorgan Hack Proves U.S. Financial System Is Vulnerable)