2014 JPMorgan Chase data breach

The 2014 JPMorgan Chase data breach was a cyberattack against American bank JPMorgan Chase that is believed to have compromised data associated with over 83 million accounts—76 million households (approximately two out of three households in the country) and 7 million small businesses. The data breach is considered one of the most serious intrusions into an American corporation's information system and one of the largest data breaches in history.

The cyberattack
The attack—disclosed in September 2014—was discovered by the bank's security team in late July 2014, but not completely halted until the middle of August. The bank declared that login information associated with the accounts (such as social security numbers or passwords) was not compromised but names, email and postal addresses, and phone numbers of account holders were obtained by hackers, raising concerns of potential phishing attacks.

The attack targeted nine other major financial institutions alongside JPMorgan Chase. As of October 9, the only other company believed to have had data stolen is Fidelity Investments but investigators reported that the attack attempted to infiltrate the networks of banks and financial companies such as Citigroup, HSBC Holdings, E*Trade, Regions Financial Corporation and payroll-service firm Automatic Data Processing (ADP).

Indictments and extradition
US federal indictments were issued against four hackers in the massive fraud in November 2015. Two Israelis indicted, Gery Shalon and Ziv Orenstein, were arrested in Israel  and will be extradited to the U.S. according to Israel's Justice Ministry. American hacker Joshua Samuel Aaron had also been part of the indictments. They were charged with 23 counts of computer hacking affecting over 100 million customers. Shalon and Orenstein pled guilty. Joshua Samuel Aaron was arrested in Dec 2016.