J.P. Morgan

On April 18, 2024, the Vermont Office of the Attorney General disclosed a data breach at J.P. Morgan, stemming from a software vulnerability discovered on February 26, 2024. The incident exposed sensitive personal and financial information of an unspecified number of individuals, including names, addresses, Social Security numbers, and bank account details. The breach posed a severe risk of identity theft, financial fraud, and unauthorized access to customer accounts, given the highly confidential nature of the compromised data. While the exact scale of the breach remains undisclosed, the exposure of such critical information—particularly Social Security numbers and banking details—heightens the potential for long-term reputational damage, regulatory scrutiny, and legal repercussions for the financial institution. The incident underscores vulnerabilities in J.P. Morgan’s digital infrastructure, raising concerns about the adequacy of its cybersecurity measures in safeguarding customer data against exploitation by malicious actors.

Source: https://ago.vermont.gov/document/2024-04-18-jp-morgan-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/jpmorgan

"id": "jpm004091825",
"linkid": "jpmorgan",
"type": "Breach",
"date": "8/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Banking/Financial Services',
                        'location': 'United States',
                        'name': 'J.P. Morgan',
                        'type': 'Financial Institution'}],
 'data_breach': {'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['names',
                                                         'addresses',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Financial Information']},
 'date_detected': '2024-02-26',
 'date_publicly_disclosed': '2024-04-18',
 'description': 'The Vermont Office of the Attorney General reported a data '
                'breach involving J.P. Morgan that occurred due to a software '
                'issue on February 26, 2024, potentially affecting personal '
                'and financial information, including names, addresses, Social '
                'Security numbers, and bank account details of an unknown '
                'number of individuals.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'Social Security numbers',
                                 'bank account details'],
            'identity_theft_risk': 'Potential',
            'payment_information_risk': 'Potential'},
 'post_incident_analysis': {'root_causes': 'Software Issue'},
 'references': [{'date_accessed': '2024-04-18',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'title': 'J.P. Morgan Data Breach Due to Software Issue (2024)',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Software Issue'}