A huge cyberattack against JPMorgan Chase & Co. this summer has compromised customer information for about 76 million households and 7 million small businesses, the bank said Thursday.
The New York-based bank said that names, addresses, phone numbers and email addresses of customers were stolen from the company’s servers but only Chase customers who use certain websites or mobile apps were affected. Those websites were Chase.com, JPMorganOnline, ChaseMobile and JPMorgan Mobile.
JPMorgan said there’s no evidence that the data breach included account numbers, passwords, Social Security numbers or dates of birth. It also said it has not seen any unusual customer fraud stemming from the data breach.
JPMorgan Chase, the nation’s biggest bank by assets, has been working with law enforcement officials to investigate the cyberattack.
The bank discovered the intrusion on its computer servers in mid-August and has since determined that the breach began as early as June, said spokeswoman Patricia Wexler.
“We have identified and closed the known access paths,” she said, declining to elaborate.
The company also disabled compromised accounts and reset passwords of all its technology employees, Wexler said.
In a post on its Chase.com website, the bank told customers that it doesn’t believe they need to change their password or account information.
The breach is the latest in a series of data thefts that have hit financial firms.
Last year, four Russian nationals and a Ukrainian were charged in what has been called the largest hacking and data breach scheme ever prosecuted in the United States. They were accused of running a hacking organization that penetrated computer networks of more than a dozen major U.S. and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars.
Heartland Payment Systems Inc., which processes credit and debit cards for businesses, was identified as taking the biggest hit in a scheme starting in 2007 — the theft of more than 130 million card numbers at a loss of about $200 million. Global Payment Systems, another major payment processing company, had nearly 1 million card numbers stolen, with losses of nearly $93 million, according to prosecutors.
Jamie Dimon, the bank’s CEO, said in this year’s annual report to shareholders that despite spending millions on cybersecurity, JPMorgan remained worried about the threat of attacks. By the end of this year, the bank estimates that it will be spending about $250 million annually on cybersecurity and employing 1,000 people in the area.
In August, the FBI said that it was working with the Secret Service to determine the scope of recent cyberattacks against several American financial institutions.
Last month, JPMorgan began notifying customers that it would reissue credit or debit cards in the wake of a data breach at Home Depot. Wexler said the bank doesn’t plan to reissue cards as a result of the breach of its servers, noting that customer account information was not stolen.
The stock of JPMorgan was down 18 cents in after-hours trading following the news. It closed down 53 cents to $58.84 in regular trading.
(AP)