Hackers access plain text info on nearly 500K JPMorgan Chase cardholders

Share this article:

Banking and financial services holding company JPMorgan Chase is alerting 465,000 prepaid cash cardholders that their personal information may have been compromised by hackers.

How many victims? About 465,000. 

What type of personal information? A small amount of noncritical personal information. An investigation is ongoing to reveal exactly what information was accessed.

What happened? Hackers breached the www.ucard.chase.com website and gained access to the personal information, which appeared in plain text during the course of the attack. The prepaid cash cards were used by corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.

What was the response? Upon learning of the incident, the flaw was fixed and reported to law enforcement. An investigation is ongoing with the Secret Service and FBI. JPMorgan Chase is alerting all affected customers and is offering a free year of credit-monitoring services.

Details: Hackers breached the website in July and JPMorgan Chase learned of the attack in mid-September. Personal information for customers is typically encrypted, but the data appeared in plain text during the attack. It is currently unknown who is responsible for the breach. JPMorgan Chase said no funds have been stolen as a result of the breach and, thus, no new cards have been issued.

Quote: “According to the bank, the data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online,” Kristy Nichols, Louisiana commissioner of administration, said in a statement. Three Louisiana state agencies were affected in the breach.

Source: reuters.com, “JPMorgan warns 465,000 card users on data loss after cyber attack,” Dec. 5, 2013

Share this article:

Sign up to our newsletters


More in The Data Breach Blog

Malware on Backcountry Gear website, payment cards compromised

Malware was installed on the Backcountry Gear website for roughly three months, during which payment cards may have been compromised.

Programming error results in CVS Caremark mailing blunder

About 350 CVS Caremark customers are being notified that a programming error resulted in mailers containing their personal information being sent to the wrong customers.

Seattle University donor checks possibly exposed due to settings error

Seattle University is notifying an undisclosed number of donors that anyone with a Seattle University computer account could have viewed scanned checks.