More than half of all households in the United States were affected by a data breach that occurred earlier this summer, JPMorgan Chase revealed on Thursday. The names, addresses, and numbers of millions of affected bank clients were stolen by hackers.
The largest bank in the country said in a regulatory filing that 76 million households and seven million businesses had their data compromised – including names, email addresses, home addresses, and phone numbers.
However, the bank said that all account holders’ money was safe, and that there is no evidence to suggest that even more sensitive information like Social Security numbers or passwords were stolen.
So far, the bank says it “continues not to have seen any unusual customer fraud related to this incident.”
Additionally, JPMorgan said that customers won’t be liable for any unauthorized transactions that occur under affected accounts, so long as the company is promptly notified.
The incident is currently being investigated by the FBI, though detectives told The New York Times that the case is baffling due to the fact that the hackers did not steal any money from the accounts they compromised.
While it is unclear at this point who the attackers are, the media has already quoted security experts and some law enforcement officials speculating that some foreign nations – including Russia and southern European countries – may have been responsible for the hack.
The attack itself reportedly occurred in multiple stages between June and August, according to The Wall Street Journal. Hackers specifically set their sights on servers containing user contact information, and were able to work their way deep into JPMorgan’s network through a personal computer belonging to an employee.
While the bank has since changed all of its passwords and shut down accounts that were potentially breached, the Times reported that hackers “made off with a list of the applications and programs that run on every standard JPMorgan computer,” which they can use to “cross check with known vulnerabilities in each program and web application, in search of an entry point back into the bank’s systems.”
Multiple unnamed sources with knowledge of the bank’s ongoing investigation added to the outlet that the process of changing all this software will take months. In that case, there is a fear that hackers could potentially find a way to re-enter JPMorgan’s network before the work is done.