JP Morgan data breach hits 451,000 retirement plan members

JP Morgan data breach hits 451,000 retirement plan members
The financial services giant reported a years-long system failure that exposed names, addresses, Social Security numbers, and other sensitive info.
MAY 01, 2024

A years-long system failure at JP Morgan Chase has compromised sensitive financial and personal data belonging to hundreds of thousands of its retirement plan members.

The banking giant said it discovered a significant data breach affecting over 451,000 retirement plan participants, as disclosed in a regulatory filing to the Office of the Maine Attorney General on Monday.

The exposed information includes names, addresses, Social Security numbers, and details regarding payment and deductions. Those who arranged direct deposits were also hard hit as their bank routing and account numbers were compromised.

The breach, which stemmed from a software flaw rather than a cyberattack, involved unauthorized access by three system users linked to J.P. Morgan customers or their agents. The software issue allowed these users to access plan participant data they were not entitled to view, which then got included through reports they ran between August 26, 2021, and February 23, 2024.

The issue was first identified by the bank on February 26.

Speaking for the firm, Lynne Atchison, executive director of benefit payment services, told the Maine Attorney General that it took swift action upon discovering the issue, applying a software update to restrict unauthorized access.

To mitigate potential damages from the breach, J.P. Morgan is offering affected individuals two years of free identity theft protection services via Experian’s IdentityWorks platform. Additionally, it’s also opened up its call center to impacted participants who may have questions or inquiries.

Holding trillions of dollars’ worth of everyday Americans’ assets, not to mention their financial and personal information, the retirement plan industry has long been a juicy target for bad actors.

While the Department of Labor has introduced cybersecurity guidance in the past to help address the threat, that hasn’t prevented breaches in the continuing arms race between hackers and stewards and custodians within the retirement industry.

One of the lapses over the past year involved Retirement Clearinghouse, a 401(k) and IRA portability firm, which had to inform more than 10,000 of its account holders that their Social Security numbers had been exposed due to a phishing attack.

“On or about March 15, 2023, Retirement Clearinghouse identified potentially suspicious activity for one email account, and promptly took steps to confirm the security of the account,” the company wrote in a disclosure to the Maine AG office in May last year.

High quality corporate bonds best as economy slows, says American Century portfolio manager

Latest News

Advisor moves: LPL welcomes $750M Osaic team, Raymond James recruits Wells Fargo duo in New York
Advisor moves: LPL welcomes $750M Osaic team, Raymond James recruits Wells Fargo duo in New York

Elsewhere in Utah, Raymond James also welcomed another experienced advisor from D.A. Davidson.

UBS loses arbitration battle in fiduciary fight over foundation funds
UBS loses arbitration battle in fiduciary fight over foundation funds

A federal appeals court says UBS can’t force arbitration in a trustee lawsuit over alleged fiduciary breaches involving millions in charitable assets.

RIA moves: NorthRock adds $800M Parkside Advisors, NFP acquires Levine Group in Tennessee
RIA moves: NorthRock adds $800M Parkside Advisors, NFP acquires Levine Group in Tennessee

NorthRock Partners' second deal of 2025 expands its Bay Area presence with a planning practice for tech professionals, entrepreneurs, and business owners.

Three easy ways to boost your firm’s impact this summer
Three easy ways to boost your firm’s impact this summer

Rather than big projects and ambitious revamps, a few small but consequential tweaks could make all the difference while still leaving time for well-deserved days off.

Hightower taps Osaic alum Scott Hadley as first chief advisory officer, expands C-suite
Hightower taps Osaic alum Scott Hadley as first chief advisory officer, expands C-suite

Hadley, whose time at Goldman included working with newly appointed CEO Larry Restieri, will lead the firm's efforts at advisor engagement, growth initiatives, and practice management support.

SPONSORED How advisors can build for high-net-worth complexity

Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.

SPONSORED RILAs bring stability, growth during volatile markets

Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.