Internal Data Breach at J.P. Morgan Impacts Over 450,000 Individuals

J.P. Morgan, a leader in financial services, has reported an “inadvertent disclosure” leading to an internal data breach affecting 451,809 individuals. The breach, discovered on February 26, 2024, involved unauthorized access to plan participants' personal and financial information due to a software flaw that went unnoticed for nearly three years.

The data breach originated from a software issue that inadvertently allowed certain reports run by three authorized system users to include sensitive information they were not entitled to access. These users, affiliated with J.P. Morgan's customers or their agents, had the ability to view data including:

• Names
• Addresses
• Social Security Numbers
• Bank routing and account numbers
• Other personal details

This lapse in data security spanned from August 26, 2021, until its discovery on February 23, 2024. Upon uncovering the software issue, J.P. Morgan promptly addressed the access problem and implemented a critical software update to prevent further unauthorized information disclosure.

The financial institution began notifying affected parties on April 18, 2024, providing details about the breach and steps to mitigate potential harm. To further assist impacted individuals, J.P. Morgan has partnered with Experian's IdentityWorks to offer two years of free credit monitoring, aiming to help detect unauthorized changes and potential misuse of the affected data.

J.P. Morgan says it has taken several steps to bolster security and prevent future incidents. This includes the software update immediately following the breach discovery and ongoing reviews to enhance data protection protocols.

For affected individuals, J.P. Morgan recommends vigilance in monitoring financial statements and account activities. They also suggest considering placing a security freeze on credit reports to prevent new credit accounts from being opened in their names without explicit consent.

While J.P. Morgan has addressed the software issue and taken steps to protect affected users, individuals impacted by this breach could face the consequences of heightened risks for several years. Hence, they should remain proactive in monitoring their financial accounts and to take advantage of the offered credit monitoring services as soon as possible.