JPMorgan warns 465,000 card users on data loss after cyber attack
By David Henry and Jim Finkle
NEW YORK/BOSTON (Reuters) - JPMorgan Chase & Co is warning some 465,000 holders of prepaid cash cards issued by the bank that their personal information may have been accessed by hackers who attacked its network in July.
The cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.
JPMorgan said on Wednesday it had detected that the web servers used by its site www.ucard.chase.com had been breached in the middle of September. It then fixed the issue and reported it to law enforcement.
Bank spokesman Michael Fusco said that since the breach was discovered, the bank has been trying to find out exactly which accounts were involved and what information may have been compromised. He declined to discuss how the attackers breached the bank's network.
Fusco said the bank was notifying the cardholders, who account for about 2 percent of its roughly 25 million UCard users, about the breach because it couldn't rule out the possibility that their personal information was among the data removed from its servers.
The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.
The bank believes "a small amount" of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.
Cyber criminals covet such data because it can be used to open bank accounts, obtain credit cards and engage in identity theft. Many states require banks to notify customers if they believe there is any chance that such information may have been taken in a breach. Continued...