The 2014 JPMorgan Chase data breach was a cyberattack against American bank JPMorgan Chase that is believed to have compromised data associated with over 83 million accounts—76 million households (approximately two out of three households in the country) and 7 million small businesses.[1] The data breach is considered one of the most serious intrusions into an American corporation's information system and one of the largest data breaches in history.[2][3][4]
The attack—disclosed in September 2014—was discovered by the bank's security team in late July 2014, but not completely halted until the middle of August.[3][5] The bank declared that login information associated with the accounts (such as social security numbers or passwords) was not compromised but names, email and postal addresses, and phone numbers of account holders were obtained by hackers, raising concerns of potential phishing attacks.[4][6]
This section needs to be updated. Please help update this article to reflect recent events or newly available information. (October 2020)
US federal indictments were issued against four hackers in the massive fraud in November 2015.[10] Two Israelis indicted, Gery Shalon and Ziv Orenstein, were arrested in Israel and will be extradited to the U.S. according to Israel's Justice Ministry.[11]
American hacker Joshua Samuel Aaron had also been part of the indictments.[12]
They were charged with 23 counts of computer hacking affecting over 100 million customers.[13] Shalon and Orenstein pled guilty. Joshua Samuel Aaron was arrested in Dec 2016.[14] A fourth individual, Andrei Tyurin, was extradited to the US from the Republic of Georgia to face charges in 2018.[15]