It looks like the cyberattack on JPMorgan Chase that exposed information from 83 million households and businesses might actually have been worse than initially reported.
New reports say JPMorgan was just one of 10 financial institutions targeted in the attack.
We don't know yet what those other institutions are or what information the hackers might have gained from the other nine attacks.
But JPMorgan told its customers while their name, address and contact information could have been obtained, "There is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised during this attack."
No one's confirmed identities for the hackers, but The New York Times reports officials believe the perpetrators are operating out of Russia and that they have "at least loose connections with officials of the Russian government."
It's also not clear whether theft was the main motive for the attack, but the Times spoke to an American official who speculated it might have been retaliation for the sanctions placed on Russia over its actions in Ukraine.
The officials said it could have been "intended to send a message to Wall Street and the United States about the vulnerability of the digital network of one of the world’s most important banking institutions."
This cyberattack comes not long after another high-profile hack on Home Depot's customer data last month and a similar attack on Target last year.
But the JPMorgan hack is more alarming, considering banks are supposed to have heavily fortified security on the ground and online. Fast Company writes, "Finance should be one of our most guarded industries, for obvious reasons. If a megabank like JPMorgan Chase is this vulnerable? That's bad news for everyone."
JPMorgan first discovered the breach in late July.
This video includes images from Getty Images.