JPMorgan Chase is warning 465,000 holders of prepaid cash cards that their personal information may have been accessed by hackers who attacked the banks network earlier this year.
The cards were issued on behalf of government and corporate card clients and used for things like tax refunds, unemployment compensation and other benefits, Reuters reports. The breach affected the online portal such customers use, ucard.chase.com, between July and September of this year. An unknown number of hackers were able to access customers prepaid card data.
Kristy Nichols, Commissioner of Louisiana, announced Wednesday that three Louisiana state agencies had been notified by the bank that a data breach may have exposed the personal information of certain Louisiana citizens. The Louisiana Department of Revenue, the Louisiana Workforce Commission and the Louisiana Department of Children and Family Services received notice that computer hackers had penetrated Chases computer security systems.
About 6,000 Louisiana recipients of a pre-loaded debit card used by the states department of revenue to distribute state income tax refunds could have been compromised, as well as approximately 5,300 child support debit cardholders and about 2,200 Louisianans receiving unemployment benefits via a JP Morgan Chase debit card, Nichols said.
JPMorgan said that when the bank became aware of the breach, it fixed the issue and reported it to law enforcement. Since then it has been investigating which cardholders may have been affected and how.
According to Reuters:
The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.
The bank believes "a small amount" of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.
The bank also told the news agency it is offering the cardholders a year of free credit-monitoring services and that it has not found that any funds were stolen as a result of the breach, nor does it have evidence that other crimes have been committed.