JP Morgan employees access sensitive information they weren’t supposed to see

The American banking giant JP Morgan has suffered a data security incident, revealing the personal and financial information of over 450,000 individuals.

In February 2024, JP Morgan “learned of a software issue that caused certain reports run by three authorized system users to include plan participant information that they were not entitled to see.”

JP Morgan states that there was a “software issue in a vendor-provided system that supports our Benefit Payment Services product,” which allowed employees to access retirement plan participants’ records they were not supposed to see.

According to the breach notification letter, two of the individuals are employees of employee benefit plan administrators hired by JP Morgan clients, and the third was hired by a client of JP Morgan.

Plan participant information relates to personal financial and other information about an individual enrolled in a specific plan.

The sensitive information affected by the security incident includes:

  • Names
  • Addresses
  • Social Security numbers
  • Payment and deduction amounts
  • Bank routing and account numbers (if a direct deposit was set up)

Yet, the information disclosed on the Office of the Maine Attorney General’s website claims that the employees may have seen more information, including financial account numbers or credit/debit card numbers in combination with security codes, access codes, passwords, or PINs for the accounts.

The company has disclosed that the incident occurred in August 2021 but was only discovered in February 2024.

JP Morgan states that “the system users ran a limited number of reports between August 26th, 2021, and February 23rd, 2024.” According to an update, the authorized users ran a total of 12 reports during this period, and all data has been deleted from the active drives.

The financial firm claims that the three individuals involved are “monitoring backup files for any restoration where deletion from such backup files is not possible.”

Since the incident, JP Morgan has “addressed the access issue and applied a software update” to mitigate the chances of this incident occurring again.

The banking giant recommends that customers review their accounts and call the company if they notice unrecognized transactions. However, the company states that there is no indication that this information has been misused.

JP Morgan offers two years of free credit monitoring through Experian’s Identity Works.

This isn’t the first time JP Morgan has suffered a data security incident. In 2014, JP Morgan Chase suffered a data breach that is believed to have compromised 83 million accounts, 76 million households, and 7 million small businesses.

Although the latest security incident wasn’t a cyberattack, the company has seen a large increase in hacking attempts over the past few years, CNN reports.

The financial sector is highly susceptible to hackers, as companies often hold a large amount of sensitive personal data. JP Morgan is known as one of the big four banks in America, making it a coveted target.

According to its website, the financial firm claims to be “the leading global financial services firm with assets of $2.6 trillion” and has over 240,000 employees.

A few of the ‘big four’ banks in America have suffered data breaches this year.

Recently, another banking giant, Wells Fargo, suffered a data breach in which an employee accessed information when they were not authorized to do so.

A Wells Fargo spokesperson said that “an employee violated company policy for sending information to his personal account. The individual is no longer employed with Wells Fargo.”
