J.P. Morgan Data Breach Lawsuit Says Info of 451K People Stolen by Cybercriminals

New to ClassAction.org? Read our Newswire Disclaimer

A new proposed class action lawsuit has been filed against J.P. Morgan Chase & Co. over a recently disclosed 2021 data breach that impacted more than 451,000 people whose current or former employers had retirement accounts administered by J.P. Morgan Chase.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 57-page J.P. Morgan data breach lawsuit says that around April 18, 2024, the institution began to notify victims that a “software issue” discovered in February of this year had caused certain reports run by three authorized parties to include plan participant information that “they were not entitled to see.” The three parties “were employed by J.P. Morgan customers or their agents,” the defendant said, and the reports were run between August 26, 2021, and February 23, 2024, the case relays.

According to the complaint, these reports contained personally identifiable data, including full names, addresses, Social Security numbers, payment and deduction amounts, and bank routing and account numbers for those who set up direct deposit.

The J.P. Morgan data breach notice states that the firm “promptly addressed the access issue” and applied a subsequent software update, yet the proposed class action contends that the data breach was a direct result of J.P. Morgan’s failure to implement adequate and reasonable cybersecurity procedures and protocols to protect its clients’ employees’ information.

“Plaintiff’s and Class Members’ identities are now at risk because of Defendant’s negligent conduct because the [personal information] that Defendant collected and maintained has been accessed and acquired by data thieves,” the suit alleges, emphasizing that J.P. Morgan data breach victims now face a heightened, imminent risk of fraud and identity theft, and as a result must closely monitor their accounts to guard against unauthorized activity.

Further, the data breach lawsuit contends that J.P. Morgan omitted from its notice letter details on the root cause of the incident and other pertinent facts, such that the notice “amounts to no real disclosure at all” as it fails to state with specificity what actually happened during the breach.

“Without these details, Plaintiff’s and Class Members’ ability to mitigate the harms resulting from the Data Breach is severely diminished,” the case argues, claiming J.P. Morgan could have prevented the data breach.

The J.P. Morgan data breach lawsuit looks to cover all individuals in the United States whose personally identifiable information was accessed and/or acquired by an unauthorized party as a result of the data breach reported by J.P. Morgan Chase & Co. in April 2024.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.