JPMorgan Chase has warned some 465,000 prepaid cash card customers that their personal information may be at risk after unknown hackers attacked its network earlier this year.
First reported by Reuters, nearly half-a-million cards were issued for companies and businesses to pay employees and for the federal government to issue tax refunds and other welfare benefits.
The banking giant said on Wednesday its online UCard portal had suffered a breach in mid-September, which allowed an unknown number of hackers to access vast amounts of customer prepaid cash card data.
The issue was subsequently fixed and the breach reported to the FBI and Secret Service. No funds are thought to have been stolen.
It's not yet clear how hackers were able to breach the bank's network, or what information was specifically taken. But the concern is that though card data is encrypted, personal data may have been stored in plain text files.
Social security data and birth dates are not understood to have been taken, but a "small amount" of other data may have been. The bank did not elaborate.
In a statement published by the Louisiana Commissioner of Administration Kristy Nichols, as one of the states requiring banks to notify customers of a data loss or breach: "The data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online.
She added the government will "hold JP Morgan Chase responsible" to ensure state citizen data is protected.
The total number of those affected account for about 2 percent of its roughly 25 million UCard users.