Seventy-six million households and 7 million small businesses were subject to a security hack at JPMorgan Chase & Co. that exposed names, addresses, phone numbers and email addresses.
The breach may have exposed personal information of former account holders and people who entered contact information at the bank's online and mobile sites as well as that of customers.
The company first discovered the data intrusion in July, when it announced that about a million of its customers were affected. The bank stopped the security breach in mid-August by closing access paths to its servers and began working with the FBI to trace the source to Russian cyber crooks.
But the massive scale of the attack has just been revealed by the bank.
JP Morgan said it hasn’t discovered any fraudulent activities resulting from the attacks, and it added in a statement that "there is no evidence that account information for such affected customers—account numbers, passwords, user IDs, dates of birth or social security numbers—was compromised during this attack."
Although there is no evidence of fraud, several security experts say information could be used for fraudulent activities like identity theft. One former federal cyber crimes prosecutor told Reuters, "The kind of information that was stolen is not sensitive itself but is frequently used to validate people's identities."
JPMorgan & Chase is reportedly advising its customers that they don’t need to change passwords, and it's not offering free credit report monitoring for those affected.
The banking giant is the first financial institution to experience a cyber crime on such a massive scale. JPMorgan now joins large retailers such as Home Depot and Target on the growing list of cyber crime targets.