JPMorgan Chase Details Breadth of Earlier Cyber Attack
JPMorgan Chase said it was fully cooperating with U.S. law officials to determine the scope of a previously disclosed security breach that compromised internal information and its clients’ contact info.
On Thursday, the company disclosed that the breach impacted about 76 million households and 7 million small businesses, but it did not find evidence of unusual fraud activity related to the incident.
“[T]here is no evidence that account information for such affected customers—account numbers, passwords, user IDs, dates of birth or Social Security numbers—was compromised during this attack,” the bank said in an SEC filing. “User contact information—name, address, phone number and email address—and internal JPMorgan Chase information relating to such users have been compromised.”
The company moved to reassure customers that they would not be responsible for any fraudulent charges and said it was continuing to investigate the matter.
Earlier Thursday, JPMorgan Chase told CNBC it was not aware of a new cyberattack on its computer network, striking down a New York Timesreport that said it was battling its second security breach in the last three months. The Times later corrected its coverage.
The banking giant plans to spend to spend $250 million annually to protect itself from cyberattacks and data protection. JPMorgan CEO Jamie Dimon said in his annual report that he plans to appoint 1,000 people to focus on the effort.
“In our existing environment and at our company, cybersecurity attacks are becoming increasingly complex and more dangerous,” Dimon said. “The threats are coming in not just from computer hackers … but also from highly coordinated external attacks both directly and via third-party systems.”
CORRECTION: JPMorgan Chase’s cyberattack reportedly started in June and was discovered in July. A headline on an earlier version of this article incorrectly stated the month of the attack.