JPMorgan has revealed that a cyber strike on its systems successfully compromised data belonging to 76 million households and seven million small to medium sized businesses.
The breach was originally reported in August and is believed to have been mounted by a group of Russian hackers. The number of customers affected was unknown until JPMorgan revealed the figure in a court filing.
The figures led to widespread reports that the firm had suffered a second data breach, although a JPMorgan spokeswoman dismissed these reports.
"We are not aware of any new attack. Any report that there was a second breach is false," she told V3.
The court filing showed that information stolen included customers' contact information and "internal JPMorgan Chase information relating to such users".
However, JPMorgan insisted that several key pieces of information were not compromised.
"There is no evidence that account information for such affected customers - account numbers, passwords, user IDs, dates of birth or Social Security numbers - was compromised during this attack," the company said.
"As of such date, the firm continues not to have seen any unusual customer fraud related to this incident."
Many security professionals have expressed concerns about the size of the breach, despite JPMorgan's assurances.
Tim Erlin, director of IT security and risk strategy at Tripwire, described the attack as proof that financial institutions need to improve cyber security to avoid similar breaches.
"All other large financial institutions should take note of this incident, and not only scrutinise their defences, but prepare for a public response before it's needed," he said.
"Large banks like JPMorgan are under constant cyber attack, and they thwart the majority of attempted break-ins.
"While there's little doubt that JPMorgan has taken action since the original incident was reported, the size and complexity of their network means they are unlikely to have rolled out new protections comprehensively by now. In situations like this, time is always the enemy."
Alert Logic's chief security evangelist, Stephen Coty, mirrored Erlin's sentiments, warning JP Morgan customers to be on their guard against follow up phishing attacks.
"There should be a notification to affected users to be on the lookout for spam campaigns or emails from the bank with a URL that you might not recognise," he said.
Improving financial service providers' security is an ongoing goal of law enforcement and government agencies across the world.
Europol's European Cybercrime Centre signed a Memorandum of Understanding with the European Banking Federation in September pledging to co-operate when combating cyber threats.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago