The attack started in June and didn’t end until mid-August, after the intruders had made off with gigabytes of information, according to Bloomberg’s original report. In a short regulatory filing, JPMorgan admitted that hackers got access to contact information: names, addresses, phone numbers, and e-mail addresses.

The good news is that there’s no evidence so far that the compromised data included any account numbers, passwords, Social Security numbers, user IDs, or birth dates. And JPMorgan still hasn’t seen “unusual customer fraud” related to the intrusion, according to the company’s statement.

For those whose contact information may have been stolen, one risk is an increase in phishing e-mails, which aim to lure you into clicking on a link or an attachment that will infect your computer. But that’s probably a relief to customers imagining they might wake up to find their bank account cleared out. JPMorgan also said in the statement that you won’t be liable for unauthorized transactions if you report them “promptly.”

If this is the worst news from the breach, it’s reassuring. On the other hand, the larger picture is indeed scary. If any institution in the U.S. is prepared for such an attack, it’s JPMorgan. And yet.

“The fact that JPMorgan Chase could be breached should send a shiver of fear through every organization on the planet,” says Steve Hultquist, chief evangelist at RedSeal Networks, a cybersecurity company. “They are well aware of both the defenses necessary and the importance of protecting against concerted, automated attacks.”

Let’s hope this does scare the pants off a few more companies that become, as a result, better prepared to shut down the next attack.

(Bloomberg Businessweek)