
Chase Company Cyber Security Posture
chase.comAt Chase, weโre dedicated to helping you succeed. Whether youโre in need of banking, credit cards, mortgages, auto financing, investment guidance, small business support, or payment solutions, weโre beside you every step of the way. For customer service, contact us via chase.com/customerservice. See full social media terms and conditions at chase.com/socialterms. JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans.
Chase Company Details
chase
33797 employees
548565.0
52
Financial Services
chase.com
Scan still pending
CHA_2732315
In-progress

Between 800 and 900
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.

.png)

Chase Company Scoring based on AI Models
Model Name | Date | Description | Current Score Difference | Score |
---|---|---|---|---|
AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 800 and 900 |
Chase Company Cyber Security News & History
Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
---|---|---|---|---|---|---|---|
Chase | Breach | 85 | 4 | 02/2018 | CHA10418622 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customerโs bank account details. Chase has acknowledged the incident and stated that it was a glitch and not any hacking attempt. It was caused by an internal โglitchโ Wednesday evening that did not involve any kind of hacking attempt or cyber attack. | |||||||
JPMorgan Chase Bank, N.A. | Breach | 85 | 4 | 6/2018 | JPM357072525 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: On August 10, 2018, the California Office of the Attorney General reported that JPMorgan Chase Bank, N.A. experienced a data breach on June 28, 2018. An employee improperly downloaded customer information, including names, addresses, mortgage loan numbers, and Social Security numbers, to a personal computer and online data storage sites, potentially exposing this data to third parties for about three weeks. | |||||||
First Republic Bank | Breach | 50 | 2 | 8/2012 | FIR145072625 | Link | |
Rankiteo Explanation : Attack limited on finance or reputationDescription: The California Office of the Attorney General reported a data breach involving First Republic Bank on August 14, 2012. The breach occurred on August 2, 2012, due to improper data disposal of client names, account types and numbers, and taxpayer identification/social security numbers. The number of affected individuals is unknown. | |||||||
JPMorgan Chase Bank, N.A. | Breach | 85 | 4 | 5/2021 | JPM351072625 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The California Office of the Attorney General reported that JPMorgan Chase Bank, N.A. experienced a data breach on May 24, 2021, affecting customer account information. The report was made on August 13, 2021, and notification letters detailed that personal and financial information may have been accidentally seen by another customer, although no indication of misuse of information was reported. | |||||||
JPMorgan Chase Bank, N.A. | Breach | 100 | 5 | 8/2021 | JPM404072625 | Link | |
Rankiteo Explanation : Attack threatening the organization's existenceDescription: The California Office of the Attorney General reported a data breach involving J.P. Morgan Chase Bank, N.A. on April 29, 2024. The breach occurred due to a software issue that allowed unauthorized access to plan participant information between August 26, 2021, and February 23, 2024, potentially affecting personal and financial information such as names, addresses, Social Security numbers, and bank account details. | |||||||
J.P. Morgan | Breach | 85 | 4 | 8/2021 | JPM221072725 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: On April 27, 2024, the California Office of the Attorney General reported a data breach involving J.P. Morgan. The breach, which occurred between August 26, 2021, and February 23, 2024, was due to a software issue that allowed unauthorized access to plan participant information. The compromised data included names, addresses, Social Security numbers, and banking details for certain users. The exact number of individuals affected is unknown. | |||||||
JPMorgan Chase Bank, N.A. | Breach | 50 | 2 | 7/2013 | JPM108072925 | Link | |
Rankiteo Explanation : Attack limited on finance or reputationDescription: The California Office of the Attorney General reported a data breach involving JPMorgan Chase Bank, N.A. on December 5, 2013. The specific date of the breach is unknown, but the incident was detected between mid-July and mid-September 2013, potentially compromising personal information such as names, addresses, Social Security numbers, and bank account details. | |||||||
First Republic Bank | Breach | 85 | 4 | 1/2012 | FIR234080425 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The California Office of the Attorney General reported a data breach involving First Republic Bank on May 29, 2012. The breach occurred between January 21, 2012, and February 25, 2012, and compromised customer names, debit card numbers, and encrypted personal identification numbers (PINs). | |||||||
Unnamed Financial Institution | Ransomware | 100 | 6/2025 | JPM602061325 | Link | ||
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: In May 2025, an unnamed financial institution in Asia was targeted by Fog ransomware hackers. The attackers utilized legitimate employee monitoring software Syteca (formerly Ekran) and several open-source pen-testing tools, including GC2, Adaptix, and Stowaway. This tactic, described as 'living off the land,' allowed the attackers to operate more stealthily, reducing the likelihood of detection. The use of legitimate software in the attack chain was deemed highly unusual and reflects a shift in the tactics employed by Fog hackers. |
Chase Company Subsidiaries

At Chase, weโre dedicated to helping you succeed. Whether youโre in need of banking, credit cards, mortgages, auto financing, investment guidance, small business support, or payment solutions, weโre beside you every step of the way. For customer service, contact us via chase.com/customerservice. See full social media terms and conditions at chase.com/socialterms. JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans.
Access Data Using Our API

Get company history
.png)
Chase Cyber Security News
JPMorgan Chase CISO Decries Poor SaaS Cybersecurity
Banking giant JPMorgan Chase called on software as a service providers to improve cybersecurity practices in an open letter accusing them ofย ...
JPMorgan Chase CISO warns software industry on supply chain security
Patrick Opet, global CISO at JPMorgan Chase, warned in an open letter on Friday that global companies are dependent on interconnected technologies.
JPMorgan Chase's Dimon on AI, data, cybersecurity and managing tech shifts
JPMorgan Chase CEO Jamie Dimon said artificial intelligence shouldn't be a part of the technology org since it impacts all of the business.
Cybersecurity's trillion-dollar chase
A trillion-dollar cybersecurity company "sounds unbelievable right now, but I remember 10 years ago, if somebody told me that there will be aย ...
Forescout strengthens advisory board, adds Robert Skinner and Chase Cunningham
As IT and OT systems continue to converge and redefine industrial strategy, outdated OT cybersecurity training is falling behind the pace andย ...
Mind your business: How to keep your company cyber secure
Does your business' cybersecurity need some TLC? With cybercrime on the rise, it's important to understand how you can keep your businessย ...
JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference
JPMorgan Chase CISO Pat Opet published an open letter warning software-as-a-service suppliers that โconvenience can no longer outpace control.โ
Chase says viral โbank glitchโ trend is actually โfraud.โ A cybersecurity expert explains why financial hacks that seem โtoo good to be trueโ usually are.
A series of recent viral videos on TikTok and X have made it seem like people were getting "free" cash from Chase Bank ATMs.
AI tools and your privacy: What you need to know
Easy-to-use artificial intelligence (AI) tools are changing our work and school lives. However, they come with a host of new privacy threats.

Chase Similar Companies

Revolut
People deserve more from their money. More visibility, more control, and more freedom. Since 2015, Revolut has been on a mission to deliver just that. Our powerhouse of products help our 50+ million customers get more from their money every day. As we continue our lightning-fast growth,โ 2 things a

BBVA en Mรฉxico
Bienvenido a la pรกgina oficial del Banco BBVA Bancomer. Instituciรณn financiera de Mรฉxico desde 1932. Es una empresa filial de Banco Bilbao Vizcaya Argentaria (BBVA), uno de los grupos financieros lรญderes en Europa y considerado entre uno de los mรกs grandes de la Zona Euro. El Grupo trabaja por un f

BlackRock
BlackRock is a global asset manager and technology provider dedicated to helping more and more people experience financial well-being. We help millions of people invest to build savings that serve them throughout their lives. We always start with our clientsโ needs and look to offer them more qua

Deutsche Bank
Deutsche Bank is the leading German bank with strong European roots and a global network. The bank focuses on its strengths in a Corporate Bank newly created in 2019, a leading Private Bank, a focused investment bank and in asset management. We provide financial services to companies, governments,

Fidelity Investments
Fidelityโs mission is to strengthen the financial well-being of our customers and deliver better outcomes for the clients and businesses we serve. Fidelityโs strength comes from the scale of our diversified, market-leading financial services businesses that serve individuals, families, employers, we

IIFL (India Infoline Group)
IIFL group is one of India's largest diversified financial services conglomerates with three listed entities - IIFL Finance, IIFL Securities and 360 ONE Wealth & Asset Management. Founded in 1995 by Nirmal Jain as a small research house, today IIFL Group employs over 40000 people and caters to over

Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Chase CyberSecurity History Information
How many cyber incidents has Chase faced?
Total Incidents: According to Rankiteo, Chase has faced 9 incidents in the past.
What types of cybersecurity incidents have occurred at Chase?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.
How does Chase detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with symantec researchers.
Incident Details
Can you provide details on each incident?

Incident : Data Breach
Title: First Republic Bank Data Breach
Description: The California Office of the Attorney General reported a data breach involving First Republic Bank on May 29, 2012. The breach occurred between January 21, 2012, and February 25, 2012, and compromised customer names, debit card numbers, and encrypted personal identification numbers (PINs).
Date Detected: 2012-05-29
Date Publicly Disclosed: 2012-05-29
Type: Data Breach

Incident : Data Breach
Title: JPMorgan Chase Bank Data Breach
Description: The California Office of the Attorney General reported a data breach involving JPMorgan Chase Bank, N.A. on December 5, 2013. The specific date of the breach is unknown, but the incident was detected between mid-July and mid-September 2013, potentially compromising personal information such as names, addresses, Social Security numbers, and bank account details.
Date Detected: mid-July to mid-September 2013
Date Publicly Disclosed: December 5, 2013
Type: Data Breach

Incident : Data Breach
Title: J.P. Morgan Data Breach
Description: A software issue allowed unauthorized access to plan participant information, including names, addresses, Social Security numbers, and banking details for certain users.
Date Detected: 2024-04-27
Date Publicly Disclosed: 2024-04-27
Type: Data Breach
Attack Vector: Software Vulnerability
Vulnerability Exploited: Unauthorized Access

Incident : Data Breach
Title: Data Breach at J.P. Morgan Chase Bank, N.A.
Description: A data breach occurred due to a software issue that allowed unauthorized access to plan participant information, potentially affecting personal and financial information such as names, addresses, Social Security numbers, and bank account details.
Date Detected: 2024-04-29
Date Publicly Disclosed: 2024-04-29
Type: Data Breach
Attack Vector: Software Issue
Vulnerability Exploited: Unauthorized Access

Incident : Data Breach
Title: JPMorgan Chase Bank Data Breach
Description: The California Office of the Attorney General reported that JPMorgan Chase Bank, N.A. experienced a data breach on May 24, 2021, affecting customer account information. The report was made on August 13, 2021, and notification letters detailed that personal and financial information may have been accidentally seen by another customer, although no indication of misuse of information was reported.
Date Detected: 2021-05-24
Date Publicly Disclosed: 2021-08-13
Type: Data Breach

Incident : Data Breach
Title: First Republic Bank Data Breach
Description: The California Office of the Attorney General reported a data breach involving First Republic Bank on August 14, 2012. The breach occurred on August 2, 2012, due to improper data disposal of client names, account types and numbers, and taxpayer identification/social security numbers. The number of affected individuals is unknown.
Date Detected: 2012-08-02
Date Publicly Disclosed: 2012-08-14
Type: Data Breach
Attack Vector: Improper Data Disposal
Vulnerability Exploited: Improper Data Disposal

Incident : Data Breach
Title: JPMorgan Chase Data Breach
Description: An employee improperly downloaded customer information, including names, addresses, mortgage loan numbers, and Social Security numbers, to a personal computer and online data storage sites, potentially exposing this data to third parties for about three weeks.
Date Detected: 2018-08-10
Date Publicly Disclosed: 2018-08-10
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Human Error
Threat Actor: Employee

Incident : Ransomware
Title: Fog Ransomware Attack on Financial Institution
Description: Fog ransomware hackers used legitimate employee monitoring software Syteca and several open-source pen-testing tools alongside usual encryption to attack an unnamed financial institution in Asia.
Date Detected: May 2025
Type: Ransomware
Attack Vector: Legitimate software and open-source pen-testing tools
Threat Actor: Fog Ransomware Hackers
Motivation: Financial Gain

Incident : Data Exposure
Title: Chase.com Account Information Mix-Up
Description: Multiple Chase.com customers reported logging in to their bank accounts and seeing another customerโs bank account details. Chase acknowledged the incident and stated that it was caused by an internal glitch and not any hacking attempt.
Type: Data Exposure
Vulnerability Exploited: Internal Glitch
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident?

Incident : Data Breach FIR234080425
Data Compromised: customer names, debit card numbers, encrypted personal identification numbers (PINs)

Incident : Data Breach JPM108072925
Data Compromised: names, addresses, Social Security numbers, bank account details

Incident : Data Breach JPM221072725
Data Compromised: Names, Addresses, Social Security numbers, Banking details

Incident : Data Breach JPM404072625
Data Compromised: names, addresses, Social Security numbers, bank account details

Incident : Data Breach JPM351072625
Data Compromised: personal information, financial information

Incident : Data Breach FIR145072625
Data Compromised: Client names, Account types and numbers, Taxpayer identification/social security numbers

Incident : Data Breach JPM357072525
Data Compromised: Names, Addresses, Mortgage Loan Numbers, Social Security Numbers

Incident : Data Exposure CHA10418622
Data Compromised: Customer Bank Account Details
Systems Affected: Chase.com
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are customer names, debit card numbers, encrypted personal identification numbers (PINs), names, addresses, Social Security numbers, bank account details, Names, Addresses, Social Security numbers, Banking details, personal information, financial information, personal information, financial information, Client names, Account types and numbers, Taxpayer identification/social security numbers, Names, Addresses, Mortgage Loan Numbers, Social Security Numbers and Customer Bank Account Details.
Which entities were affected by each incident?

Incident : Data Breach FIR234080425
Entity Type: Financial Institution
Industry: Banking
Location: California

Incident : Data Breach JPM108072925
Entity Type: Financial Institution
Industry: Banking
Location: California

Incident : Data Breach FIR145072625
Entity Type: Bank
Industry: Financial Services
Location: California

Incident : Data Breach JPM357072525
Entity Type: Financial Institution
Industry: Banking
Location: California
Response to the Incidents
What measures were taken in response to each incident?

Incident : Ransomware JPM602061325
Third Party Assistance: Symantec researchers
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Symantec researchers.
Data Breach Information
What type of data was compromised in each breach?

Incident : Data Breach FIR234080425
Type of Data Compromised: customer names, debit card numbers, encrypted personal identification numbers (PINs)
Data Encryption: encrypted personal identification numbers (PINs)
Personally Identifiable Information: customer names

Incident : Data Breach JPM108072925
Type of Data Compromised: names, addresses, Social Security numbers, bank account details
Sensitivity of Data: High
Personally Identifiable Information: True

Incident : Data Breach JPM221072725
Type of Data Compromised: Names, Addresses, Social Security numbers, Banking details
Sensitivity of Data: High
Personally Identifiable Information: True

Incident : Data Breach JPM404072625
Type of Data Compromised: personal information, financial information
Sensitivity of Data: High
Personally Identifiable Information: names, addresses, Social Security numbers

Incident : Data Breach JPM351072625
Type of Data Compromised: personal information, financial information

Incident : Data Breach FIR145072625
Type of Data Compromised: Client names, Account types and numbers, Taxpayer identification/social security numbers
Sensitivity of Data: High
Personally Identifiable Information: True

Incident : Data Breach JPM357072525
Type of Data Compromised: Names, Addresses, Mortgage Loan Numbers, Social Security Numbers
Sensitivity of Data: High
Data Exfiltration: True
Personally Identifiable Information: True

Incident : Data Exposure CHA10418622
Type of Data Compromised: Customer Bank Account Details
Ransomware Information
Was ransomware involved in any of the incidents?
Lessons Learned and Recommendations
What lessons were learned from each incident?

Incident : Ransomware JPM602061325
Lessons Learned: Expect the use of ordinary and legitimate corporate software as the norm in ransomware attacks.
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are Expect the use of ordinary and legitimate corporate software as the norm in ransomware attacks.
References
Where can I find more information about each incident?

Incident : Data Breach FIR234080425
Source: California Office of the Attorney General
Date Accessed: 2012-05-29

Incident : Data Breach JPM108072925
Source: California Office of the Attorney General
Date Accessed: December 5, 2013

Incident : Data Breach JPM221072725
Source: California Office of the Attorney General
Date Accessed: 2024-04-27

Incident : Data Breach JPM404072625
Source: California Office of the Attorney General
Date Accessed: 2024-04-29

Incident : Data Breach JPM351072625
Source: California Office of the Attorney General
Date Accessed: 2021-08-13

Incident : Data Breach FIR145072625
Source: California Office of the Attorney General
Date Accessed: 2012-08-14

Incident : Data Breach JPM357072525
Source: California Office of the Attorney General
Date Accessed: 2018-08-10

Incident : Ransomware JPM602061325
Source: Symantec researchers
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2012-05-29, and Source: California Office of the Attorney GeneralDate Accessed: December 5, 2013, and Source: California Office of the Attorney GeneralDate Accessed: 2024-04-27, and Source: California Office of the Attorney GeneralDate Accessed: 2024-04-29, and Source: California Office of the Attorney GeneralDate Accessed: 2021-08-13, and Source: California Office of the Attorney GeneralDate Accessed: 2012-08-14, and Source: California Office of the Attorney GeneralDate Accessed: 2018-08-10, and Source: Symantec researchers.
Investigation Status
What is the current status of the investigation for each incident?

Incident : Ransomware JPM602061325
Investigation Status: Investigation ongoing
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?

Incident : Data Breach FIR145072625
Root Causes: Improper Data Disposal

Incident : Data Breach JPM357072525
Root Causes: Human Error

Incident : Data Exposure CHA10418622
Root Causes: Internal Glitch
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Symantec researchers.
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Employee and Fog Ransomware Hackers.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2012-05-29.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2012-05-29.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were customer names, debit card numbers, encrypted personal identification numbers (PINs), names, addresses, Social Security numbers, bank account details, Names, Addresses, Social Security numbers, Banking details, names, addresses, Social Security numbers, bank account details, personal information, financial information, Client names, Account types and numbers, Taxpayer identification/social security numbers, Names, Addresses, Mortgage Loan Numbers, Social Security Numbers and Customer Bank Account Details.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Chase.com.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Symantec researchers.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were customer names, debit card numbers, encrypted personal identification numbers (PINs), names, addresses, Social Security numbers, bank account details, Names, Addresses, Social Security numbers, Banking details, names, addresses, Social Security numbers, bank account details, personal information, financial information, Client names, Account types and numbers, Taxpayer identification/social security numbers, Names, Addresses, Mortgage Loan Numbers, Social Security Numbers and Customer Bank Account Details.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Expect the use of ordinary and legitimate corporate software as the norm in ransomware attacks.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General, California Office of the Attorney General, California Office of the Attorney General, California Office of the Attorney General, California Office of the Attorney General, California Office of the Attorney General, California Office of the Attorney General and Symantec researchers.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigation ongoing.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Improper Data Disposal, Human Error, Internal Glitch.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
