JPMorgan's Supersize Data Breach Hits 76 Million Households

Photograph by Ron Antonelli/Bloomberg

JPMorgan Chase put another huge number on the board in this year of enormous hacks. The biggest U.S. bank said that a breach of its systems, first reported by Bloomberg News in late August, has affected 76 million households and 7 million small businesses.

The attack started in June and didn’t end until mid-August, after the intruders had made off with gigabytes of information, according to Bloomberg’s original report. In a short regulatory filing, JPMorgan admitted that hackers got access to contact information: names, addresses, phone numbers, and e-mail addresses.

The good news is that there’s no evidence so far that the compromised data included any account numbers, passwords, Social Security numbers, user IDs, or birth dates. And JPMorgan still hasn’t seen “unusual customer fraud” related to the intrusion, according to the company’s statement.

For those whose contact information may have been stolen, one risk is an increase in phishing e-mails, which aim to lure you into clicking on a link or an attachment that will infect your computer. But that’s probably a relief to customers imagining they might wake up to find their bank account cleared out. JPMorgan also said in the statement that you won’t be liable for unauthorized transactions if you report them “promptly.”

If this is the worst news from the breach, it’s reassuring. On the other hand, the larger picture is indeed scary. If any institution in the U.S. is prepared for such an attack, it’s JPMorgan. And yet.

“The fact that JPMorgan Chase could be breached should send a shiver of fear through every organization on the planet,” says Steve Hultquist, chief evangelist at RedSeal Networks, a cybersecurity company. “They are well aware of both the defenses necessary and the importance of protecting against concerted, automated attacks.”

Let’s hope this does scare the pants off a few more companies that become, as a result, better prepared to shut down the next attack.

    Before it's here, it's on the Bloomberg Terminal.