The bank discovered the intrusion on its servers in mid-August and has since determined that the breach began as early as June, spokeswoman Patricia Wexler said.
"We have identified and closed the known access paths," she said, declining to elaborate.
She also declined to comment on whether JPMorgan has been able to determine who was behind the cyberattack on its servers.
In response to the data breach, the company has disabled compromised accounts and reset passwords of all its technology employees, Wexler said.
In a post on its Chase.com website, the bank told customers that it doesn't believe they need to change their password or account information. It also noted that customers are not liable for unauthorized transactions when they promptly alert the bank.
Read MoreWatch out: iOS 8 autocompletes your password
The breach is yet another in a series of data thefts that have hit financial firms and major retailers.
Last month, Home Depot said that malicious software lurking in its check-out terminals between April and September affected 56 million debit and credit cards. Michaels and Neiman Marcus also have been attacked by hackers in the past year.
A data breach at Target in December compromised 40 million credit and debit cards. TJX Cos.'s theft of 90 million records, disclosed in 2007, remains the largest data breach at a retailer.
Chase's assurances that it hasn't found any evidence of the personal data being misused shouldn't be misinterpreted as a reason to rest easy. The information still could be used in a variety of ways to rip off people in the months and years ahead.
That means consumers and business owners need to be more vigilant than ever, making sure to pore over their financial statements each month for any sign of suspicious activity. People also should be more leery than ever of unsolicited phone calls from purported bank representatives, emails fishing for their financial information and even uninvited guests knocking at their doors.