Hackers access plain text info on nearly 500K JPMorgan Chase cardholders

Share this article:

Banking and financial services holding company JPMorgan Chase is alerting 465,000 prepaid cash cardholders that their personal information may have been compromised by hackers.

How many victims? About 465,000. 

What type of personal information? A small amount of noncritical personal information. An investigation is ongoing to reveal exactly what information was accessed.

What happened? Hackers breached the www.ucard.chase.com website and gained access to the personal information, which appeared in plain text during the course of the attack. The prepaid cash cards were used by corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.

What was the response? Upon learning of the incident, the flaw was fixed and reported to law enforcement. An investigation is ongoing with the Secret Service and FBI. JPMorgan Chase is alerting all affected customers and is offering a free year of credit-monitoring services.

Details: Hackers breached the website in July and JPMorgan Chase learned of the attack in mid-September. Personal information for customers is typically encrypted, but the data appeared in plain text during the attack. It is currently unknown who is responsible for the breach. JPMorgan Chase said no funds have been stolen as a result of the breach and, thus, no new cards have been issued.

Quote: “According to the bank, the data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online,” Kristy Nichols, Louisiana commissioner of administration, said in a statement. Three Louisiana state agencies were affected in the breach.

Source: reuters.com, “JPMorgan warns 465,000 card users on data loss after cyber attack,” Dec. 5, 2013

Share this article:

Sign up to our newsletters


More in The Data Breach Blog

Laptop stolen from Self Regional Healthcare contained patient data

As least 500 patients of Self Regional Healthcare have been notified that their personal information was on a laptop stolen from a Self Regional facility.

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.