The largest U.S. bank by assets said the unknown attackers stole customers’ contact information—including names, email addresses, phone numbers and addresses. The breach, which was first disclosed in August and is still under investigation by the bank and law enforcement, extended to the bulk of the bank’s customer base, affecting an amount equivalent to two-thirds of American households. It also affected about seven million of J.P. Morgan’s small-business customers. It isn’t clear how many of those households are U.S.-based.
The bank said hackers were unable to gather detailed information on accounts, such as account numbers, passwords, Social Security numbers or dates of birth. Customer money is “safe,” the bank said in a statement to customers on Thursday.