[2][3][4] The attack—disclosed in September 2014—was discovered by the bank's security team in late July 2014, but not completely halted until the middle of August.

[3][5] The bank declared that financial and login information associated with the accounts (such as social security numbers or passwords) were not compromised but names, email, postal addresses, and phone numbers of account holders were obtained by hackers, raising concerns of potential phishing attacks.

[4][6] The hackers obtained a list of JPMorgan's applications and programs, using it to identify vulnerabilities and gain entry.

[3][7] As of October 9, the only other company believed to have had data stolen is Fidelity Investments[8], but investigators reported that the attack attempted to infiltrate the networks of banks and financial companies such as Citigroup, HSBC Holdings, E*Trade, Regions Financial Corporation and payroll-service firm Automatic Data Processing (ADP).

[17] Also, the firm applied software updates to restrict unauthorized access and prevent further exposure of sensitive information.