JPMorgan Chase Breach is Complicated

First it was reported that the recent JPMorgan Chase & Co. data breach was limited to JPMorgan. Then it came out that the breach may have targeted a few other big banks. Now it is being widely reported that the hack may have targeted 13 other financial institutions (FIs) as well. The source of the attack is apparently still unknown.

In the JPMorgan breach, customer information pertaining to 76 million households and 7 million small businesses was compromised, according to an 8-K filing the bank made to the U.S. Securities and Exchange Commission on Oct. 2, 2014. JPMorgan claimed that the data compromise, which reportedly began the previous June and only came to light in July, was limited to names, addresses, phone numbers, and email addresses, and did not include financial account details, such as Social Security and credit card numbers, or the user IDs and passwords that would provide online access to those details.

On the Chase.com website, JPMorgan provided cardholders with further information about the breach, noting that the compromise affected its online banking portals, Chase.com and JPMorganOnline, as well as its mobile apps, ChaseMobile and JPMorgan Mobile. The fraudsters also compromised "internal Chase data used in connection with providing or offering services, such as the Chase line of business the user is affiliated with," JPMorgan said.

The bank is not offering its customers credit/identity theft monitoring because of its claim that no financial information was breached. Both the FBI and the U.S. Secret Service are investigating the incident.