JPMorgan Chase says it has discovered a data breach affecting the personal information of nearly half a million customers.
New documents filed with the Maine Attorney General’s Office show that the banking giant recently encountered a software issue that was active as of August 26, 2021.
The bug allowed unauthorized access to 451,809 customers’ retirement plan records, which contain names, addresses, Social Security numbers and bank account numbers.
JPMorgan says it has now fixed the issue, which incorrectly granted full access to several “authorized system users” who were employed by JPMorgan clients or their agents.
The bank says it has no indication that personal information has been misused and is offering two years of free credit monitoring through Experian to affected customers.
This isn’t the first time JPMorgan Chase has discovered a crack in its security infrastructure.
In 2014, the bank reported one of the largest data breaches in history, a cyberattack that affected the accounts of 76 million households and seven million small businesses.
As reported by the New York Times, JPMorgan’s security team had failed to add two-factor authentication to one of its network servers, which led to the theft of email addresses, home addresses and customer telephone numbers. The bank said there was no evidence that account information was leaked during the hack.