The Largest Bank in the U.S. Recently Disclosed a Massive Security Flaw, Affecting Nearly Half a Million Retirement Customers One of the people who had unauthorized access self-reported the issue.

By Sherin Shibu

Key Takeaways

  • JPMorgan recently corrected an issue that permitted incorrect access to the personal information of more than 450,000 retirement plan holders.
  • The company says it sent written notice to affected customers and offered two years of identity protection support.

JPMorgan, the largest U.S. bank with $3.4 trillion in assets, recently fixed a years-long software issue that allowed unauthorized access to 451,809 retirement plan records.

Three system administrators could access personal and financial information from retirement plan holders when they ran certain reports, though they were not entitled to that information.

The admins could see names, social security numbers, addresses, payment amounts, and routing and account numbers, per JPMorgan's filing with the Office of the Maine Attorney General.

Related: A U.S. State Was Hacked in a Massive Data Breach—And Every Single Resident Is At Risk

All three administrators were employed by JPMorgan customers or their agents and had "an obligation" to keep user data safe as part of their jobs, per the filing.

JPMorgan became aware of the issue on February 26 after one of the admins with incorrect access self-reported it. It started in August 2021.

The bank stated that it "promptly" took measures to correct user access and additionally "tested and applied a software update."

Between the time of the breach and the time of discovery, a more than two-year period, the administrators downloaded a relatively low number of affected reports — only twelve reports in total. They have since reported deleting the data.

Related: JPMorgan Says Its AI Cash Flow Software Cut Human Work By Almost 90%

JPMorgan sent written notice to affected customers on April 18 and offered them two years of identity protection support.

"There is no indication of data misuse," a JPMorgan spokesperson said in a statement to Pensions & Investments.

JPMorgan isn't the only big U.S. bank to report a recent data breach. A ransomware group may have obtained the account information of more than 50,000 Bank of America account holders in November, per a February notice from the bank.
Sherin Shibu

Entrepreneur Staff

News Reporter

Sherin Shibu is a business news reporter at Entrepreneur.com. She previously worked for PCMag, Business Insider, The Messenger, and ZDNET as a reporter and copyeditor. Her areas of coverage encompass tech, business, strategy, finance, and even space. She is a Columbia University graduate.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Most Popular

See all
By Sherin Shibu
Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

By Eve Gumpel
Business News

This Apple Offering Is Causing the Company to Lose Over $1 Billion a Year

Apple can afford the loss — the company's Services division brought in $26.3 billion overall for Apple for the three months ending in January.

By Sherin Shibu
Money & Finance

People Have a 'Very Big Misconception' About How to Save Money on Taxes. Skipping This Step Could Cost You Thousands of Dollars.

You might have heard about a limit that doesn't exist — and it could be hurting your bank account.

By Amanda Breen
Science & Technology

Recent Trends in Generative AI — and How Business Professionals Can Navigate and Capitalize on Them

Here's what you need to know about the rapid rise of generative AI.

By Anis Uzzaman
Starting a Business

This Overlooked Principle Is the Secret Ingredient to Startup Success

Startups live fast, but the ones that last know the real secret to success — showing up, delivering and staying consistent every time.

By Gideon Kimbrell