JP Morgan Chase warns of personal information risk after cyber attack

06 Dec 2013

JPMorgan Chase has warned some 465,000 prepaid cash card customers of their personal information possibly being at risk after its network came under attack from unknown hackers earlier this year.

Reuters had first reported that JPMorgan Chase had issued nearly half-a-million cards to companies and businesses for paying employees and to the federal government for issuing tax refunds and other welfare benefits.

The banking giant said yesterday, its online UCard portal had been breached in mid-September, which opened up vast amounts of data to an unknown number of hackers. The data pertained to customer prepaid cash cards.

The issue was later addressed and the FBI and the Secret Service were intimated about the breach. However, there had been no fund thefts.

It remains unclear as to how the hackers could breach the bank's network, or what specific information had been compromised, but the concern was, though card data was encrypted, personal data might have been stored in plain text files.

Though social security data and birth dates might not have been taken, a "small amount" of other data might have been compromised. The bank has not elaborated.

According to Michael Fusco, a spokesman for the bank, who spoke to Reuters, in the months since the cyber attack, the firm had been investigating what data had been taken and which account holders had been affected.

Holders of the bank's debit, credit and liquid cards were not affected by the attack.

Affected UCard holders have been offered a year of free credit-monitoring service.

Such data is a godsend for cyber criminals as it can be used for opening bank accounts, obtaining credit cards and in identity theft. Banks are required in many states in the US, to notify customers if they believed there was any chance that such information might have been taken in a breach.

Prepaid cards are finding favour among businesses and government agencies as they are easier to cash than paper checks.

However, the vast stores of data behind payment cards of all kinds had created new risks and in 2004, about 41 million credit and debit card numbers from major retailers were stolen.

US prosecutors said in May this year that a global cybercrime ring had stolen $45 million from banks by hacking into credit card processing firms and withdrawing money from automated teller machines in 27 countries.