JPMorgan, the largest US bank with $3.4 trillion in assets, recently fixed a years-old software problem that allowed unauthorized access to 451,809 retirement plan records.
Three system administrators were able to access personal and financial information of retirement plan holders through certain reports, although they were not entitled to that information.
Administrators could see names, social security numbers, addresses, payment amounts, and routing and account numbers, according to JPMorgan's filing with the Maine Attorney General's Office.
All three administrators were employed by JPMorgan clients or their agents and had “an obligation” to keep user data secure as part of their jobs, according to the filing.
JPMorgan became aware of the issue on February 26 after one of the administrators with the wrong access self-reported it. The issue started in August 2021.
The bank stated that it “immediately” took action to correct the user's access and also “tested and applied a software update”.
Between the time of the breach and the time of discovery, a period of more than two years, the administrators downloaded a relatively low number of affected reports, only twelve in total. They have since reported deleting the data.
JPMorgan sent a written notice to affected customers on April 18 and offered them two years of identity protection support.
“There is no indication of data misuse,” a JPMorgan spokesman said in a statement to Pensions and Investments.
JPMorgan isn't the only major US bank to report a recent data breach. A ransomware group may have obtained the account information of more than 50,000 Bank of America account holders in November, according to a February announcement from the bank.