The cyberattack that hit JPMorgan Chase this summer exposed contact information from more than 76 million household accounts and 7 million accounts belonging to small businesses, the New York Times reported Thursday. Although the number of customers affected is significantly higher than first reported in July, the company says it had not detected any fraudulent activity on breached accounts.
“User contact information – name, address, phone number and email address – and internal JPMorgan Chase information relating to such users have been compromised,” according to a routine report filed Thursday with the U.S. Securities and Exchange Commission. "However, there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.”
After the attack, the bank promised to enhance its security measures in an effort to reassure customers who feared that their financial data was at risk. The new security initiatives will cost $250 million a year and will be led by a team of a thousand people, according to CNBC.
The attack began in June, and hackers were able to breach the security of more than 90 Morgan servers by the time they were discovered in July, which the New York Times said “underscores just how vulnerable the global financial system is to cybercrime.”
“The fact that even these companies can experience a successful attack should definitely raise eyebrows because they spend the most money and have the most sophisticated defenses,” Jacob Olcott, a cybersecurity expert at Good Harbor Security Risk Management, recently told the Huffington Post.
The Federal Bureau of Investigation began investigating the attack in August with the help of the Secret Service. Investigators are confounded that hackers did not use the security breach to benefit financially, according to the New York Times.
This has been a bad week for JPMorgan. The cyberattack report came just days after U.S. District Judge Paul Oetken ruled the company liable in a class-action lawsuit. According to Reuters, the lawsuit claimed the bank gave misleading information to a group of investors who then purchased $10 billion worth of mortgage-backed securities.