Data leak
JPMorgan Chase Breach: 83 Million Accounts (Russia-Linked)
Primary Source: Incident Details
In June 2014, a sophisticated hacking group breached JPMorgan Chase's network and maintained access until the intrusion was discovered in approximately August 2014. The attackers accessed data on approximately 76 million households and 7 million small businesses (83 million account holders in total), making it one of the largest financial institution breaches on record. Exposed data included contact information (names, addresses, phone numbers, email addresses) but notably did not include Social Security numbers, account numbers, passwords, or financial information. JPMorgan reported no evidence of fraud resulting directly from the breach. The initial entry point was a single server that had not been upgraded to two-factor authentication, despite a bank-wide security initiative to do so. U.S. law enforcement attributed the attack to a group of Russian-speaking individuals, Gery Shalon, Joshua Samuel Aaron, and Ziv Orenstein, who were indicted in 2015 on charges including computer fraud. The breach was alleged to be part of a broader criminal operation involving market manipulation: the attackers used the stolen contact information to run pump-and-dump stock schemes and to operate illegal online casinos and payment processors. The case illustrated that tools of nation-state quality could be wielded by financially motivated criminals, and that a single misconfigured server could expose an entire enterprise network.
Technical Details
- Initial Attack Vector
  - Attackers exploited a missed security upgrade on a single JPMorgan server: a bank employee had not enabled two-factor authentication on one web application server. From that foothold the attackers obtained a root-level list of applications and servers, then pivoted to over 90 bank servers.
Timeline
- 2014-06-01 Breach occurred
- 2014-10-02 Publicly disclosed
- 2014-10-02 Customers notified