JPMorgan suffered the biggest U.S. banking breach of all time. Hackers exploited the lack of 2FA to compromise a server in the network. JPMorgan confirmed that hackers obtained user contact information (i.e. names, phone numbers and email addresses), but other sensitive data including account numbers, passwords, user IDs, dates of birth and Social Security numbers were not stolen. The bank’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said.”]
Source: http://securityaffairs.co/wordpress/31450/cyber-crime/update-on-breach-jpmorgan.html