JPMorgan has revealed that a cyber strike on its systems successfully compromised data belonging to 76 million households and seven million small to medium sized businesses.
The breach was originally reported in August and is believed to have been mounted by a group of Russian hackers. The number of customers affected was unknown until JPMorgan revealed the figure in a court filing.
The figures led to widespread reports that the firm had suffered a second data breach, although a JPMorgan spokeswoman dismissed these reports.
"We are not aware of any new attack. Any report that there was a second breach is false," she told V3.
The court filing showed that information stolen included customers' contact information and "internal JPMorgan Chase information relating to such users".
However, JPMorgan insisted that several key pieces of information were not compromised.
"There is no evidence that account information for such affected customers - account numbers, passwords, user IDs, dates of birth or Social Security numbers - was compromised during this attack," the company said.
"As of such date, the firm continues not to have seen any unusual customer fraud related to this incident."
Many security professionals have expressed concerns about the size of the breach, despite JPMorgan's assurances.
Tim Erlin, director of IT security and risk strategy at Tripwire, described the attack as proof that financial institutions need to improve cyber security to avoid similar breaches.
"All other large financial institutions should take note of this incident, and not only scrutinise their defences, but prepare for a public response before it's needed," he said.
"Large banks like JPMorgan are under constant cyber attack, and they thwart the majority of attempted break-ins.
"While there's little doubt that JPMorgan has taken action since the original incident was reported, the size and complexity of their network means they are unlikely to have rolled out new protections comprehensively by now. In situations like this, time is always the enemy."
Alert Logic's chief security evangelist, Stephen Coty, mirrored Erlin's sentiments, warning JP Morgan customers to be on their guard against follow up phishing attacks.
"There should be a notification to affected users to be on the lookout for spam campaigns or emails from the bank with a URL that you might not recognise," he said.
Improving financial service providers' security is an ongoing goal of law enforcement and government agencies across the world.
Europol's European Cybercrime Centre signed a Memorandum of Understanding with the European Banking Federation in September pledging to co-operate when combating cyber threats.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23