Ending Soon! Save 33% on All Access

The Largest Bank in the U.S. Recently Disclosed a Massive Security Flaw, Affecting Nearly Half a Million Retirement Customers One of the people who had unauthorized access self-reported the issue.

By Sherin Shibu

Key Takeaways

  • JPMorgan recently corrected an issue that permitted incorrect access to the personal information of more than 450,000 retirement plan holders.
  • The company says it sent written notice to affected customers and offered two years of identity protection support.

JPMorgan, the largest U.S. bank with $3.4 trillion in assets, recently fixed a years-long software issue that allowed unauthorized access to 451,809 retirement plan records.

Three system administrators could access personal and financial information from retirement plan holders when they ran certain reports, though they were not entitled to that information.

The admins could see names, social security numbers, addresses, payment amounts, and routing and account numbers, per JPMorgan's filing with the Office of the Maine Attorney General.

Related: A U.S. State Was Hacked in a Massive Data Breach—And Every Single Resident Is At Risk

All three administrators were employed by JPMorgan customers or their agents and had "an obligation" to keep user data safe as part of their jobs, per the filing.

JPMorgan became aware of the issue on February 26 after one of the admins with incorrect access self-reported it. It started in August 2021.

The bank stated that it "promptly" took measures to correct user access and additionally "tested and applied a software update."

Between the time of the breach and the time of discovery, a more than two-year period, the administrators downloaded a relatively low number of affected reports — only twelve reports in total. They have since reported deleting the data.

Related: JPMorgan Says Its AI Cash Flow Software Cut Human Work By Almost 90%

JPMorgan sent written notice to affected customers on April 18 and offered them two years of identity protection support.

"There is no indication of data misuse," a JPMorgan spokesperson said in a statement to Pensions & Investments.

JPMorgan isn't the only big U.S. bank to report a recent data breach. A ransomware group may have obtained the account information of more than 50,000 Bank of America account holders in November, per a February notice from the bank.

Sherin Shibu

Entrepreneur Staff

News Reporter

Sherin Shibu is a business news reporter at Entrepreneur.com. She previously worked for PCMag, Business Insider, The Messenger, and ZDNET as a reporter and copyeditor. Her areas of coverage encompass tech, business, strategy, finance, and even space. She is a Columbia University graduate.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

TikTok Reportedly Laid Off a 'Large Percentage' of Employees as the App's Fate in the U.S. Remains Unclear

Laid-off TikTok employees were notified Wednesday night through Thursday morning.

Business News

More People Are Exploring Entrepreneurship Because of This Unexpected Reason

More new business applications were filed in 2023 than in any other year so far.

Business News

Four Seasons Orlando Responds to Viral TikTok: 'There's Something Here For All Ages'

The video has amassed over 45.4 million views on TikTok.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.


8 Subtle Hints that People Don't Respect You — and How to Fix Them

While you have to earn respect, you don't have to deal with disrespect in the meantime.