 | ||
The 2014 JPMorgan Chase data breach was a cyber-attack against American bank JPMorgan Chase that is believed to have compromised data associated with over 83 million accounts – 76 million households (approximately two out of three households in the country) and 7 million small businesses. The data breach is considered one of the most serious intrusions into an American corporation's information system and one of the largest data breaches in history.
The attack – disclosed in September 2014 – was discovered by the bank's security team in late July 2014, but not completely halted until the middle of August. The bank declared that login information associated with the accounts (such as social security numbers or passwords) was not compromised but names, email and postal addresses, and phone numbers of account holders were obtained by hackers, raising concerns of potential phishing attacks.
The attack targeted nine other major financial institutions alongside JPMorgan Chase. As of October 9, the only other company believed to have had data stolen is Fidelity Investments but investigators reported the attack attempted to infiltrate the networks of banks and financial companies such as Citigroup, HSBC Holdings, E*Trade, Regions Financial Corporation and payroll-service firm Automatic Data Processing (ADP).
US federal indictments were issued against four hackers in the massive fraud in November 2015. Two Israelis indicted, Gery Shalon and Ziv Orenstein, were arrested in Israel and will be extradited to the U.S. according to Israel’s Justice Ministry.