Get All Access for $5/mo

The Largest Bank in the U.S. Recently Disclosed a Massive Security Flaw, Affecting Nearly Half a Million Retirement Customers One of the people who had unauthorized access self-reported the issue.

By Sherin Shibu

Key Takeaways

  • JPMorgan recently corrected an issue that permitted incorrect access to the personal information of more than 450,000 retirement plan holders.
  • The company says it sent written notice to affected customers and offered two years of identity protection support.

JPMorgan, the largest U.S. bank with $3.4 trillion in assets, recently fixed a years-long software issue that allowed unauthorized access to 451,809 retirement plan records.

Three system administrators could access personal and financial information from retirement plan holders when they ran certain reports, though they were not entitled to that information.

The admins could see names, social security numbers, addresses, payment amounts, and routing and account numbers, per JPMorgan's filing with the Office of the Maine Attorney General.

Related: A U.S. State Was Hacked in a Massive Data Breach—And Every Single Resident Is At Risk

All three administrators were employed by JPMorgan customers or their agents and had "an obligation" to keep user data safe as part of their jobs, per the filing.

JPMorgan became aware of the issue on February 26 after one of the admins with incorrect access self-reported it. It started in August 2021.

The bank stated that it "promptly" took measures to correct user access and additionally "tested and applied a software update."

Between the time of the breach and the time of discovery, a more than two-year period, the administrators downloaded a relatively low number of affected reports — only twelve reports in total. They have since reported deleting the data.

Related: JPMorgan Says Its AI Cash Flow Software Cut Human Work By Almost 90%

JPMorgan sent written notice to affected customers on April 18 and offered them two years of identity protection support.

"There is no indication of data misuse," a JPMorgan spokesperson said in a statement to Pensions & Investments.

JPMorgan isn't the only big U.S. bank to report a recent data breach. A ransomware group may have obtained the account information of more than 50,000 Bank of America account holders in November, per a February notice from the bank.

Sherin Shibu

Entrepreneur Staff

News Reporter

Sherin Shibu is a business news reporter at Entrepreneur.com. She previously worked for PCMag, Business Insider, The Messenger, and ZDNET as a reporter and copyeditor. Her areas of coverage encompass tech, business, strategy, finance, and even space. She is a Columbia University graduate.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Business News

'It's Not About You': How to Fire Someone Effectively, According to Kevin O'Leary

O'Leary says that if you can't fire someone, you aren't the right leader for the organization.

Business News

Meta Makes $1 Million Dollar Donation to Donald Trump's Inaugural Fund

Meta CEO Mark Zuckerberg also reportedly gave Trump a pair of Ray-Ban Meta smart glasses.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Leadership

Should I Stay or Should I Go? 8 Key Points to Navigate the Founder's Dilemma

Here are eight key signs that help founders determine whether to persevere or let go.