J.P. Morgan application bug exposes data of 451,000 individuals
Learn More
J.P. Morgan Chase has reported a data breach impacting over 451,000 of its plan participants. The breach originated from reports run between August 26, 2021, and February 23, 2024.
Customer details were inadvertently disclosed due to a software malfunction rather than a direct cyberattack. The error was identified when reports generated by three authorized system users inadvertently contained sensitive information about plan participants which these users were not supposed to access, suggesting that this was an internal oversight rather than external malicious action.
The issue was discovered on February 26, 2024 and J.P. Morgan addressed the issue by restricting unauthorized access and implementing a software update to prevent future occurrences.
The exposed information includes:
- names,
- addresses,
- Social Security numbers,
- bank routing and account numbers,
- specific details related to payment and deduction amounts.
J.P. Morgan is providing affected individuals with two years of free identity theft protection services via Experian’s IdentityWorks. Additionally, they have made a call center available to answer any questions from impacted participants.
