JPMorgan: 76M households exposed in cyberbreach

Some 7 million small businesses were also compromised in the computer attack over the summer -- far more than the 1 million customer accounts initially thought to have been breached.

Michelle Meyers
Michelle Meyers wrote and edited CNET News stories from 2005 to 2020 and is now a contributor to CNET.
Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Michelle Meyers
Seth Rosenblatt
2 min read


JPMorgan Chase revealed in a regulatory filing Thursday that contact information for 76 million households and 7 million small businesses was compromised in the data breach reported in late August.

That makes it a much bigger breach than initially thought. Early accounts had estimated that around 1 million customers had been affected by the hack. It also likely makes it one of the largest corporate hacks ever reported. JP Morgan is the largest bank in the US and the sixth-largest bank in the world.

In its filing with the Security and Exchange Commission, JP Morgan said the user contact information compromised included names, addresses, phone numbers, email addresses and internal customer data. There's no evidence, however, that account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised.

And thus far, the firm hasn't seen any fraud related to the breach. It reiterated that customers aren't liable for any unauthorized transactions on their accounts.

The JP Morgan hack was originally discovered in July, a month after hackers were suspected of breaking in to the financial institution's servers.

Many major financial institutions -- including Wells Fargo, JP Morgan Chase, Bank of America, Citigroup and HSBC -- were attacked earlier this year with denial-of-service attacks that interrupted their websites and Internet operations. US government officials believe that the attacks came from Iran.

Large-scale hacks affecting tens of millions of customers have occurred numerous times in the past 12 months. Word of the biggest single-company breach came in December as consumer retail goods titan Target said that hackers pilfered credit card data for more than 110 million customers. Other major hacks reported this year include department store Neiman Marcus, restaurant chain P.F. Chang's, arts- and crafts-supplies chain Michaels Stores. Also making news were celebrity photos stolen through a vulnerability in Apple's iCloud.

Although JP Morgan reported that no customer financial data was stolen, the company said that the hackers made off with knowledge of most if not all software installed on a standard JP Morgan computer.

This means that the hackers could track down known, unpatched vulnerabilities for those software programs to regain illegal access to JP Morgan's computers.

Corrected at 5:56 a.m. PT: To fix the headline of the story, which originally had 75 million households affected by the breach.