JPMorgan, the largest U.S. bank with $3.4 trillion in assets, recently addressed a concerning software issue that exposed the personal and financial information of nearly half a million retirement plan holders. The issue allowed three system administrators to access sensitive data such as names, social security numbers, addresses, payment amounts, and routing and account numbers without authorization.
According to JPMorgan’s filing with the Office of the Maine Attorney General, the administrators, who were employed by JPMorgan customers or their agents, had access to the data when running specific reports. The bank became aware of the breach on February 26, after one of the admins self-reported the unauthorized access that had been ongoing since August 2021.
During the more than two-year period before the breach was discovered, the administrators downloaded only twelve affected reports and have since reported deleting the data. JPMorgan took immediate action to correct the user access issue and implemented a software update to prevent future unauthorized access.
Affected customers were notified in writing on April 18 and offered two years of identity protection support. Despite the breach, JPMorgan assured that there is no indication of data misuse. This incident comes amidst a wave of data breaches in the banking sector, with Bank of America also reporting a potential breach affecting over 50,000 account holders in November.