JPMorgan Chase , the nation’s largest bank by assets, has revealed the scope of the cyber-attack that compromised its data in mid-August. And while the number of households affected doesn’t surpass the 110 million accounts that were compromised in the Target data breach in late 2013, it does comprise more than half of all U.S. households.
JPMorgan said in an SEC filing Thursday afternoon that information from 76 million households — the equivalent of 65% of all U.S. households — and 7 million small businesses was compromised in the August cyber-security attack against the firm. This is more than the 56 million accounts affected in the Home Depot data breach earlier in the year, but less than the suspected 110 million compromised accounts from Target’s massive data leak.
Compromised information at JPMorgan consisted primarily of customer contact information — names, addresses, phone numbers and email addresses, as well as internal JPMorgan information about customers. But very sensitive information, however, remained safe.
“There is no evidence that account information for such affected customers — account numbers, passwords, user IDs, dates of birth or Social Security numbers — was compromised during this attack,” the company said in the SEC filing. In a message to customers on Chase.com, the bank was even more blunt.
“Your money at JPMorgan Chase is safe,” the company said. “Unlike recent attacks on retailers, we have seen no unusual fraud activity related to this incident.” The firm went on to say that customers are not responsible for any unauthorized transactions in their accounts.
JPMorgan was apologetic, adding, “We are very sorry that this happened and for any uncertainty this may cause you. We don’t believe that you need to change your password or account information. …Attacks like these are frustrating. There are always lessons to be learned, and we will learn from this one and use that knowledge to make our defenses even stronger.”
This is the latest in a string of high-profile data breaches; in early September, home improvement retailer Home Depot revealed that five months’ worth of transactions were compromised, and of course in January Target revealed that the number of customers affected by its data breach surpassed the original 40 million estimate and could be as high as 110 million.
Following JPMorgan’s SEC disclosure, shares of the company’s stock ticked down 0.4% in Thursday’s after-hours trading session; it closed the regular trading session down 0.89%. Year-to-date, shares of the bank are up barely 3%.