JPMorgan Chase Breach Exposed Contact Data for 76 Million Households
JPMorgan Chase disclosed that attackers breached its network and accessed customer contact information tied to 76 million households and 7 million small businesses, making it one of the largest publicly reported compromises of a U.S. financial institution. The bank said the stolen data included names, email addresses, phone numbers, and physical addresses, while account numbers, passwords, Social Security numbers, dates of birth, and debit or credit card data were not exposed. The intrusion reportedly began in June, went undetected for weeks, and involved access to more than 90 servers before the company contained it and notified customers using services such as Chase.com and its mobile banking platforms.
U.S. investigators examined possible Russian links early in the case, and later authorities charged Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein in connection with a broader hacking campaign tied to the JPMorgan intrusion and other attacks on financial firms and publishers. Prosecutors described the operation as part of a multi-year scheme that stole data from more than 100 million customers across victims, while security experts warned that the JPMorgan data set remained highly valuable for phishing and fraud because it provided a large, current list of bank customers and small businesses. JPMorgan said it had not seen unusual fraud directly tied to the breach and urged customers to be wary of unsolicited emails and text messages.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Suspected JPMorgan hacker Joshua Samuel Aaron is arrested in New York
In December 2016, U.S. citizen Joshua Samuel Aaron, suspected of involvement in the JPMorgan hack, was arrested in New York City after returning from Moscow. His arrest marked a significant law-enforcement step in the case.
U.S. authorities charge three men over JPMorgan-linked hacking campaign
In November 2015, U.S. prosecutors charged Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein in connection with a broad hacking scheme tied to the 2014 JPMorgan breach and other intrusions. Authorities described it as the largest theft of customer data from a U.S. financial institution, affecting roughly 83 million customers.
JPMorgan says attack was contained and warns customers about phishing
Following disclosure, JPMorgan said it had stopped the attack, had not observed unusual fraud linked to the breach, and warned customers it would never ask for personal information by email or text. Security experts noted the stolen contact data could be used for long-term phishing and scam campaigns.
JPMorgan discloses breach affecting 76 million households
On October 2, 2014, JPMorgan Chase revealed that hackers had obtained customer contact information tied to 76 million households and about 7 million small businesses. The bank said names, email addresses, phone numbers, and physical addresses were exposed, but not account numbers, passwords, Social Security numbers, dates of birth, or debit and credit card data.
FBI investigates possible Russian links to JPMorgan hack
By late August 2014, U.S. investigators were examining whether Russian hackers were connected to the JPMorgan breach and related attacks on other banks. The case drew federal attention as a major financial-sector cyber incident.
JPMorgan detects the breach about a month after it began
The bank discovered the intrusion in July 2014 after it had gone undetected for roughly a month. Early understanding reportedly suggested the attack affected about one million accounts.
Attackers begin infiltrating JPMorgan systems
The JPMorgan intrusion began in June 2014, with attackers ultimately accessing more than 90 servers. Reporting indicated the compromise may have started through an employee's computer.
Sources
7 references tracked. Mallory keeps watching after this page renders.
JP Morgan Chase reveals massive data breach affecting 76m households | JP Morgan | The Guardian
theguardian.com
Open sourceJoshua Samuel Aaron, U.S. citizen suspected in JP Morgan hack, arrested in NYC - CBS News
cbsnews.com
Open sourceJPMorgan Hit by Biggest Bank Breach in History - Business Insider
businessinsider.com
Open sourceWhat You Need to Know About the JPMorgan Chase Cyberattack | Mashable
mashable.com
Open sourceJPMorgan Chase Hacking Affects 76 Million Households - The New York Times
dealbook.nytimes.com
Open sourceJPMorgan Chase Hacking Affects 76 Million Households - The New York Times
archive.nytimes.com
Open sourceFBI investigating Russian links to JPMorgan hacking | Technology | The Guardian
web.archive.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
HSBC USA Customer Data Allegedly Exposed in Major Breach Claims
Threat actors have claimed responsibility for a significant data breach targeting HSBC USA, alleging the theft and subsequent leak of a large trove of personally identifiable information (PII) and sensitive financial records belonging to the bank's customers. The compromised data reportedly includes full names, addresses, Social Security numbers, dates of birth, phone numbers, bank account numbers, account balances, and transaction histories. Multiple sources indicate that the data was posted on prominent data leak forums, with early analysis by independent researchers suggesting the leaked samples appear legitimate, though the full scope and authenticity remain under investigation. Security experts warn that the exposure of such comprehensive PII and financial details could enable a range of fraudulent activities, including identity theft, unauthorized account access, SIM swapping, and spearphishing attacks. HSBC USA has publicly denied that a breach occurred, stating that internal investigations have found no evidence of compromised systems or service providers. Despite the bank's denial, cybersecurity researchers and industry analysts emphasize the severe risks posed by the alleged leak, urging financial institutions to strengthen authentication mechanisms, enhance account recovery processes, and promptly notify potentially affected customers. The incident has raised concerns about the adequacy of data protection measures in the banking sector and highlights the urgent need for robust security controls to prevent large-scale identity and financial fraud.
Mar 21, 2026
Betterment Social-Engineering Breach Exposes 1.4 Million Customer Records
**Betterment** disclosed that a **social engineering** attack against a **third-party platform account** used for customer communications enabled unauthorized access to internal systems in early January, leading to the exposure of personal data tied to **1,435,174 accounts**. The intruder used the access to send **fraudulent crypto-themed promotional messages** impersonating Betterment and promising to “triple” cryptocurrency sent to attacker-controlled wallets (including **Bitcoin and Ethereum** addresses). Betterment said it revoked the unauthorized access the same day it was detected, warned customers to ignore the messages, and initiated a forensic investigation with external incident-response support. Breach analysis and indexing by **Have I Been Pwned** indicated the exposed dataset included **email addresses, names, and location data**, with reporting also citing additional PII such as **dates of birth, physical addresses, phone numbers, device information, and employment-related details**. Betterment stated there is **no evidence** that customer investment accounts were accessed or that **passwords/authentication tokens** were compromised, characterizing the incident as an exposure of contact/identity data rather than account credentials. Separate reporting noted Betterment also experienced **intermittent outages attributed to a DDoS attack and extortion attempts** around the same period, but this was described as distinct from the social-engineering-driven data exposure.
Mar 21, 2026
Zacks Customer Data Posted Online in Expanded Breach Exposing Millions
Investment research firm **Zacks** was linked to multiple customer data exposures after datasets allegedly stolen from the company were posted on a popular hacking forum. Zacks first disclosed a breach in December 2022, and reporting in early 2023 said about **820,000 customers** were affected. A larger dataset later surfaced in June 2023, reportedly containing records for nearly **9 million customers**, including names, usernames, email addresses, physical addresses, phone numbers, and passwords stored as **unsalted `SHA-256` hashes**. A separate breach allegedly occurred in June 2024 and was later published online, with the leaked data described as a superset of the earlier incident and expanding the exposure to about **12 million unique email addresses**. The newer dataset reportedly also included IP addresses alongside names, usernames, physical addresses, phone numbers, and unsalted `SHA-256` password hashes. Zacks acknowledged unauthorized access to customer passwords after the earlier disclosures, but the company reportedly did not respond to multiple requests for comment on the 2024 incident.
Mar 27, 2026