Breach, Data Security, Vulnerability Management

Hackers access plain text info on nearly 500K JPMorgan Chase cardholders

Banking and financial services holding company JPMorgan Chase is alerting 465,000 prepaid cash cardholders that their personal information may have been compromised by hackers.

How many victims? About 465,000. 

What type of personal information? A small amount of noncritical personal information. An investigation is ongoing to reveal exactly what information was accessed.

What happened? Hackers breached the website and gained access to the personal information, which appeared in plain text during the course of the attack. The prepaid cash cards were used by corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.

What was the response? Upon learning of the incident, the flaw was fixed and reported to law enforcement. An investigation is ongoing with the Secret Service and FBI. JPMorgan Chase is alerting all affected customers and is offering a free year of credit-monitoring services.

Details: Hackers breached the website in July and JPMorgan Chase learned of the attack in mid-September. Personal information for customers is typically encrypted, but the data appeared in plain text during the attack. It is currently unknown who is responsible for the breach. JPMorgan Chase said no funds have been stolen as a result of the breach and, thus, no new cards have been issued.

Quote: “According to the bank, the data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online,” Kristy Nichols, Louisiana commissioner of administration, said in a statement. Three Louisiana state agencies were affected in the breach.

Source:, “JPMorgan warns 465,000 card users on data loss after cyber attack,” Dec. 5, 2013

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.