Bank says that breach investigation on going, but confirms that millions are impacted Credit: REUTERS/Brendan McDermid On Thursday, JPMorgan Chase (JPMC) updated investors about their recently disclosed data breach in an 8-K filing with the Securities and Exchange Commission. The update comes hours after the financial giant disputed reports from the New York Times that they had experienced an additional security incident, calling the reports false.The 8-K report says that user contact information, including names, addresses, phone numbers, and email addresses, as well as internal JPMC information relating to such users was compromised. The overall impact includes 76 million households and 7 million small businesses.“However, there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack,” the filing stated.In addition, the bank said that they’ve not seen any customer fraud related to the compromised data. JPMC says their investigation is ongoing, and they’re cooperating fully with various agencies during their investigations. “Names and contact information alone isn’t going to get the thieves into financial accounts, but it’s seed data for launching phishing attacks against those 76 million households and 7 million small businesses,” said Ryan Olson, Unit 42 intelligence director at Palo Alto Networks, when asked for his thoughts.The bank’s security woes came to light in August, after a Bloomberg report said that federal investigators were investigating reports that Russian hackers had compromised gigabytes of data. On Thursday, the New York Times reported that the bank had suffered a second breach of its systems, citing sources with knowledge of the investigation. JPMC denied the report, calling the claims false.In an update, the New York Times added that while the bank “found evidence of previously unknown hacking, it says the latest discovery does not constitute a breach separate from an earlier one.”Again, as suggested by Olson, the fallout from the latest update could impact a far larger swath of the public, as criminals jump on the breach bandwagon to further their schemes.“We may see piggyback attacks where cybercriminals launch social engineering attacks that cash in on the customer anxiety that follows the news of any big-name breach,” said Rapid7’s engineering manager, Tod Beardsley.“The usual advice applies: If you get an e-mail or a call from a JP Morgan rep, feel free to thank them for contacting you and hang up. Customers should always initiate that contact by looking at their credit card or statement for the contact number; you simply can’t trust that an incoming call or e-mail is legitimate and not a phishing attempt.” Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe