JPMorgan Chase says summer attack affected 76M households; denies another breach

By Chad Hemenway on October 2, 2014

Customers who use the websites and JPMorganOnline and the apps ChaseMobile and JPMorgan Mobile were affected, JP Morgan Chase & Co said in a regulatory filing with the Securities and Exchange Commission that a cyber attack this summer compromised the accounts of 76 million households and seven million small businesses.

Meanwhile, reports said the largest bank in the US is again looking to get a handle on another cyber breach, but the bank says it is not aware of a cyber attack.

Account holders’ names, addresses, phone numbers and email addresses were compromised in June and July but JPMorgan Chase said account numbers, PIN numbers or Social Security numbers were stolen. No fraudulent activity has been seen, the bank reported in the October 2 filing.

Customers who use the websites and JPMorganOnline and the apps ChaseMobile and JPMorgan Mobile were affected.

The New York Times on October 2 reported, citing several unnamed sources, that JP Morgan Chase was “scrambling to contain” a security breach by hackers with links to Italy.

The report said information on at least one million customer accounts from dozens of servers were accessed.

JPMorgan Chase did not immediately return a call from Advisen seeking a comment but the bank told other media sources the report was false. (The New York Times link above originally went to a story headlined “JPMorgan Discovers Further Cyber Security Issues.” Late on October 2 the link went to story on JP Morgan’s SEC filing, with no mention of its earlier report.)

The FBI in late August said it and the US Secret Service was investigating reported cyber attacks on US financial institutions, including JPMorgan Chase. At the time JPMorgan said there were no signs any customer information or funds were taken and it believed all systems were secure.

Reportedly, Russian hackers were to blame for the last round of cyber attacks against JPMorgan Chase and others.

A recent PriceWaterhouseCoopers report on US cyber crime reported that nation-state hackers are of particular concern. Sean Joyce, a PwC principal and former FBI deputy director, said, “We are seeing increased activity from nation-state actors, which could escalate due to unrest in Syria, Iran, and Russia. These groups may target financial services and other critical infrastructure entities.”

U.S. Treasury Secretary Jacob J. Lew in July urged financial institutions to intensify efforts toward cybersecurity.

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or