Names, addresses, phone numbers and email addresses of roughly 76 million households and seven million small businesses were exposed when computer systems at JPMorgan Chase & Co
The company added, however, that “there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.”
The company said that to date it has not yet “seen any unusual customer fraud related to this incident.”
The company said in an update on the breach to customers that it does not believe they need to change their passwords or account information.
With some 83 million customers affected, the breach is one of the largest on record.
Earlier in the day, the New York Times published and then corrected a story that had been denied by the bank that had said JPMorgan’s computer system had been breached for the second time in about three months.
“The story is false. We are not aware of any new attack,” JPMorgan spokeswoman Patricia Wexler said in an email after the story appeared.
The newspaper corrected its story to say that the earlier version of the headline misstated the extent of the cyber security issues at the bank.
“While the bank found evidence of previously unknown hacking, it says the latest discovery does not constitute a breach separate from an earlier one,” NY Times said.
The New York Times DealBook column, citing people with knowledge of the matter, had reported that the biggest U.S. bank had found that hackers with links to Italy had gained entry to some of its servers.
The attack was discovered recently, the newspaper had earlier said.
(Reporting by Tanya Agrawal in Bangalore, David Henry in New York and Jim Finkle in Boston.; Editing by Ted Kerr)