Chase Says Cardholder Data May Have Been Exposed to Hackers (Dec. 5, 2013)
JP Morgan Chase & Co. has notified 465,000 holders of prepaid cards issued by the bank that some of their personal data may have been exposed to hackers after its systems were breached last summer. The breach affected Chase’s UCard Web portal, which offers online account management for government benefits and corporate payments cards issued by the bank, according to Reuters. Chase said the breach did not affect any of the bank’s credit, debit or Liquid prepaid card holders, and that only 2 percent of the total UCard user base had its data exposed.
Chase discovered the breach in mid-September, a bank spokesman told Reuters, and subsequently fixed the issue and reported it to law enforcement. The bank launched an investigation in the ensuing months to find out what data was exposed during the breach and now is notifying the nearly half a million cardholders whose personal data may have been temporarily unencrypted during the breach. However, only “a small amount” of data was taken, and no critical information, such as social security numbers, birth dates and email addresses was exposed, according to the Reuters report. Because no funds were stolen as a result of the breach, and there is no evidence of other crimes related to the hack, Chase said it’s not issuing replacement cards, according to Reuters. However, the bank is offering affected cardholders a year of free credit monitoring services. Chase could not be reached for comment by press time.
In other payments security news, last month federal prosecutors in New York announced five more arrests in connection with a coordinated $45 million global ATM heist perpetrated last December and in February of this year.