JPMorgan Chase says the contact information for 76 million households and 7 million small businesses was compromised in a data breach.
The company made the revelation in a filing with the Security and Exchange Commission on Thursday.
Chase said the breach exposed the names, addresses, phone numbers and email addresses of its customers.
Chase is the largest bank in the United States. The New York Times reports:
"Hackers were able to burrow deep into JPMorgan's computer systems, accessing the accounts of more than 90 servers–a breach that underscores just how vulnerable the global financial system is to cyber crime. Until now, most of the largest hack attacks on corporations have been confined to retailers like Target and Home Depot.
"And unlike those retailers, JPMorgan has far more sensitive financial information about customers. Investigators in law enforcement remain puzzled by the attack on the bank because there is no evidence that the attackers looted any customer money from accounts."
The Wall Street Journal adds:
"The attack at J.P. Morgan went unnoticed for about two months this summer, according to people familiar with the matter. Between mid-June and mid-August, hackers breached J.P. Morgan's servers for short intervals, around an hour at a time, these people said. J.P. Morgan learned of the attack in mid-August and stopped it, identifying and closing all access paths, these people said.
"The attack appears to have been caused by malicious computer code, known as malware, people familiar with the matter have said. Some people briefed on the investigation suspect a possible Russian or Eastern European link based on the style of the attacks and the bank target."