JPMorgan Chase said Thursday that information such as names and addresses for 76 million household customers and seven million businesses was compromised in a data breach this summer.
But the largest US bank said there was no evidence that critical account information such as account numbers, user identities or social security numbers were stolen by the hackers.
The bank "continues not to have seen any unusual customer fraud related to this incident," JPMorgan said in a securities filing.
"JPMorgan Chase customers are not liable for unauthorized transactions on their account that they promptly alert the firm to," the bank said.
JPMorgan said in August that it was cooperating with law-enforcement officials following reports that hackers believed to be from Russia broke into the bank's computer systems.
Earlier Thursday, the New York Times reported that JPMorgan was hit by hackers for a second time in three months. The report, citing people familiar with the probe, said the bank found that hackers from Italy or another part of southern Europe accessed bank servers.
But a JPMorgan spokeswoman called the report "false" and said that the bank is "not aware of any new attack."
The case follows other huge data breaches at Home Depot and Target. The Home Depot breach affected 56 million customer payment cards, while the Target breach affected credit card data for 40 million customers, plus personal and identification information for 70 million other customers.