Hackers access plain text info on nearly 500K JPMorgan Chase cardholders

Share this article:

Banking and financial services holding company JPMorgan Chase is alerting 465,000 prepaid cash cardholders that their personal information may have been compromised by hackers.

How many victims? About 465,000. 

What type of personal information? A small amount of noncritical personal information. An investigation is ongoing to reveal exactly what information was accessed.

What happened? Hackers breached the www.ucard.chase.com website and gained access to the personal information, which appeared in plain text during the course of the attack. The prepaid cash cards were used by corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.

What was the response? Upon learning of the incident, the flaw was fixed and reported to law enforcement. An investigation is ongoing with the Secret Service and FBI. JPMorgan Chase is alerting all affected customers and is offering a free year of credit-monitoring services.

Details: Hackers breached the website in July and JPMorgan Chase learned of the attack in mid-September. Personal information for customers is typically encrypted, but the data appeared in plain text during the attack. It is currently unknown who is responsible for the breach. JPMorgan Chase said no funds have been stolen as a result of the breach and, thus, no new cards have been issued.

Quote: “According to the bank, the data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online,” Kristy Nichols, Louisiana commissioner of administration, said in a statement. Three Louisiana state agencies were affected in the breach.

Source: reuters.com, “JPMorgan warns 465,000 card users on data loss after cyber attack,” Dec. 5, 2013

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.