US banking major JP Morgan Chase has said the cyber attack on it this summer actually affected 76 million households and seven million small businesses - much more than the one million accounts the bank previously believed had been affected.
The bank said in an SEC filing that unknown hackers made use of an employee password to crack one of its servers and stole customers' contact information, including names, email addresses, phone numbers and addresses.
The hackers were unable to obtain information on customer accounts, such as account numbers, passwords and Social Security numbers or dates of birth, according to the bank, which added customer money is "safe".
JP Morgan, the largest US bank by assets, earlier disclosed the data breach in August, and was conducting an investigation into the matter. Executives believed the breach had affected around one million accounts, the New York Times reported.
The company added that it is fully cooperating with US law officials to determine the scope of the data breach.
The latest announcement should ease concerns that the data breach could lead to fraudulent transactions, using stolen details. The development would not affect consumers, according to cybersecurity experts.
Several people familiar with the investigation and bank security told the Wall Street Journal that the data accessed appears to be related to JP Morgan's marketing functions rather than its banking operations.
Up to five banks are reported to have become victims of a cyber attack in August.
A federal law enforcement official told USA Today that a group of Russian hackers was behind the attack.
Dmitry Peskov, a spokesman for Putin, previously dismissed the notion that Russia was behind the JPMorgan attack as "nonsense".
The attack on banks comes after US retailers such as Target and Home Depot suffered major data breaches, including leakage of payment card numbers. Information relating to 40 million cardholders and 70 million others was compromised through a hacking at Target, while 56 million Home Depot customers lost their card details in September.
"If you look at this breach as well as the many recent mega retail breaches you see a pattern not of individual breaches, but an attack on our financial system as a whole,"Ken Westin, security analyst from Tripwire, told IBTimes UK.
"Although there may be different actors involved in these breaches, the results are the same, more sensitive and payment information is making its' way into the hands of those with malicious intent."