A warning has been sent across 465,000 holders of JPMorgan prepaid cash cards issued by the bank that their personal information may have been accessed by hackers who attacked its network.
The cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.
JPMorgan reported the law enforcement as soon as it detected that its web servers used by its site www.ucard.chase.com had been breached.
Bank spokesman Michael Fusco said that since the breach was discovered the bank has been investigating to find out exactly which accounts were involved and what pieces of information could have been taken. He declined to discuss how the attackers breached the bank’s network.
Fusco said the bank is notifying the cardholders about the breach because it cannot rule out the possibility that their personal information was among the data removed from its servers. The cardholders account for about 2 percent of Fusco’s roughly 25 million UCard users.
The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the data breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.
The bank believes “a small amount” of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.
Cyber criminals covet such data because it can be used to open bank accounts, obtain credit cards and engage in identity theft. Many states require banks to notify customers if they believe there is any chance that such information may have been taken in a breach.
The bank is also offering the cardholders a year of free credit-monitoring services.
The warning only affects the bank’s UCard users, not holders of debit cards, credit cards or prepaid Liquid cards.
Fusco said the bank has not found that any funds were stolen as a result of the breach and that it has no evidence that other crimes have been committed. As a result, it is not issuing replacement cards.
The bank said it does not know who was behind the attack, though the Secret Service and FBI are investigating the matter.
Get your personal as well as office laptops encrypted by Alertsec
Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.
Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.