Despite the efforts of the U.S. Department of Justice, JPMorgan Chase, the country’s biggest bank by assets, revealed that approximately 76 million households and seven million small businesses have been compromised.
The colossal breach in account security comes more than a month after the Federal Bureau of Investigation said it was investigating cyberattacks on U.S. banks across the country.
JP Morgan admitted that “user contact information” including the name, address, phone number, email address, and “internal JPMorgan Chase information relating to such users” was affected by the breach.
The bank says, however, that there is “no evidence” that the breach allowed anyone to access the account numbers, passwords, user IDs, birthday, or social security numbers of the account holders and that there wasn’t any “unusual consumer fraud” related to the breach. The hackers, it seems, have not actually gotten any money from the cyberattack.
JPMorgan Chase has 65.8 million open credit card accounts and 31.8 million with sales activity. Chase also has 30.1 million checking accounts.
JPMorgan officials said that in June and August, the hackers got access to some information for people using Chase.com and the Chase app, as well as private bank customers using the JPMorgan website and app. It did not include passwords that could help hackers log in to other sites or email accounts nor the banking information that would allow them to use Chase credit cards or take money from customer accounts.
Wexler explained the disparity between the number of Chase checking and credit card account holders and the size of the hack by saying that the number of people logging into Chase.com or JPMorgan Online can include customers that don’t have bank or credit card accounts with Chase like mortgage or auto borrowers. Some data accessed by the hackers could also belong to former Chase customers, Wexler said.
According to Bloomberg News, the hackers were able to get information that allowed them to tell what type of customers the users were, “such as whether they are clients of the private-bank, mortgage, auto or credit-card divisions.”
The Wall Street Journal reported the attack was first launched in mid-June but wasn’t noticed by JPMorgan until mid-August.
JPMorgan has been amping up its efforts to repel and counterattack cyberattacks in recent years. Chairman and Chief Executive Officer Jamie Dimon said in a statement that JPMorgan will spend $250 million this year and employ an technical army of 1,000 employees to thwart such attacks. That’s up from 600 employees working on it in 2012 and $200 million spent that year.
“Despite these intense efforts, we acknowledged that the issue of cybersecurity worried us,” Dimon wrote in the letter, “that worry only has continued to intensify.”