JPMorgan Chase Hack Impacts 76 Million Households

A cyberattack on JPMorgan Chase this summer has compromised the personal information of 76 million households and 7 million small businesses, making it one of the largest data breaches ever.

In a securities filing on Thursday, the bank revealed details of the breach first disclosed in August, noting that user contact information — including names, addresses, phone numbers, and email addresses — was stolen. At this point, however, there is no evidence that user account data — such as account numbers, passwords, user IDs, birthdates, or Social Security numbers — was compromised during the attack.

In addition, the company reiterated that it has not discovered any unusual customer fraud related to the breach. Customers are not liable for any unauthorized transactions that they "promptly" report to the firm.

"[JPMorgan] continues to vigilantly monitor the situation and is continuing to investigate the matter," according to the filing. The company is also working with the government on its investigation of the breach.

The intrusion began in June but was not discovered until July, and its impact is more widespread than initially thought, according to a report from The New York Times, citing several people with knowledge of the attacks. Until a few weeks ago, JPMorgan executives believed that just one million accounts were compromised.

The hackers gained entry into the company's systems by first getting their hands on a list of applications and programs that run on employees' computers. They then exploited known vulnerabilities in those programs and Web applications to break into the bank's network and obtain administrative privileges to dozens of servers.

It could take months for the bank to clean up its systems, possibly giving hackers time to exploit additional vulnerabilities that would allow for re-entry in the future, the Times' sources said.

JPMorgan customers should be on the lookout for phishing emails attempting to trick them into handing over even more personal information, like their usernames and passwords. Moreover, the breach may be especially harmful for those small businesses that were affected, said John Zurawski, vice president for security firm Authentify.

"Many small businesses are often no better protected, from an IT perspective, than the average home computer," he said. "On the other hand, there could be considerably more money involved including payroll accounts. Adding employees to a payroll account and paying them usually doesn't trigger an alarm."

Small businesses should immediately change their passwords, and JPMorgan will have to authenticate those requests carefully, Zurawski said.

For more on the breach and what it means to you, check out the video below.

About Our Expert

Angela Moscaritolo

Managing Editor, Consumer Electronics

My Experience

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade.

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

The Technology I Use

My little Florida beach bungalow is brimming with smart home tech. I have a smart speaker or display in every room, allowing me to control other connected devices by voice. The Nest Hub on my bedside table lets me set wake-up alarms, control my smart light bulbs, and set the temperature on my smart thermostat. I use the Amazon Echo Show 8 on my kitchen counter to browse recipes, reorder protein powder, check the weather, and watch the news while I do dishes.

Because I suffer from allergies, air purifiers are essential. My favorite model is the Dyson Purifier Cool TP07, which doubles as a fan and continuously sends indoor pollution data to its companion mobile app.

My pitbull Bradley sheds, so a good robot vacuum is a must. I currently use a premium Ecovacs Deebot that can both vacuum and mop, empty its own dustbin, and wash its own mop cloth.

For fitness, I like to mix up my routine with cycling, indoor rowing, running, and strength training in addition to yoga. I take classes on the Tonal 2 smart strength training machine, I row indoors on an Aviron machine, and track my beach runs with an Apple Watch while listening to music on my Apple AirPods Pro. On the weekends, I love riding e-bikes like the rugged, beach-friendly Aventon Aventure for fun and fitness.

My job involves a lot of virtual meetings, so a quality webcam, microphone, and ring light are important. I use the Jabra PanaCast 20 webcam, the Elgato Wave: 3 microphone, and a Yesker tripod ring light.

As for my preferred phone platform, I'm an iPhone person, but I've also extensively used Android for product testing.

Read the latest from Angela Moscaritolo

Read full bio