The hackers that breached JPMorgan Chase over the summer likely got in through a neglected server that the bank's IT security failed to upgrade with two-factor automation, according to a report in the New York Times.

The Times cited sources familiar with the findings of an internal review of the financial institutions systems.

While Chase assured customers “there is no evidence” that account numbers, passwords, Social Security numbers, user IDs and other sensitive information was compromised, the summer breach exposed 76 million household and seven million small business accounts. It also raised questions as to how a firm so vigilant about security could suffer a sustained event that went undetected for so long.