In a filing made with the US Securities and Exchange Commission (SEC) on Thursday, JPMorgan reported that contact information including name, address, phone number and email address, were compromised by hackers.
A former federal cyber crimes prosecutor Mark Rasch was quoted by Reuters as saying: "All of this data is useful to hackers and identity thieves.
"The kind of information that was stolen is not sensitive itself, but is frequently used to validate people’s identities."
However, the lender did not find any clues related to the theft of account numbers, passwords, user IDs, date of birth details or social security numbers. It noted that it had not seen any unusual customer fraud arising from the breach.
When the breach first came to light in August, JPMorgan said that it was working in coordination with the US law enforcement authorities over the suspected cyber attack.
The hackers accessed the accounts for a month since July, before it was found out by the bank.
Illinois attorney general Lisa Madigan said: "This is among the most troubling breaches ever — and not just because of its magnitude, but because it proves that there is probably no database that cyber criminals cannot compromise.
"Chase is trying to diminish the extent of the breach, but what’s clear is that people can no longer assume their information is safe. Americans must assume that cyber criminals are working 24/7 to steal their personal information."
Image: The JPMorgan Chase headquarters at 270 Park Avenue in Manhattan, New York. Photo: courtesy of Official-ly Cool.
