JPMorgan Chase admits network hack; 465,000 card users' data stolen

JPMorgan Chase admits network hack; 465,000 card users' data stolen

Summary: The banking giant suffered a network breach this year that resulted in a large data breach — though, funds or critical personal information are not thought to have been stolen.

TOPICS: Security

JPMorgan Chase has warned some 465,000 prepaid cash card customers that their personal information may be at risk after unknown hackers attacked its network earlier this year.

First reported by Reuters, nearly half-a-million cards were issued for companies and businesses to pay employees and for the federal government to issue tax refunds and other welfare benefits. 

The banking giant said on Wednesday its online UCard portal had suffered a breach in mid-September, which allowed an unknown number of hackers to access vast amounts of customer prepaid cash card data.

The issue was subsequently fixed and the breach reported to the FBI and Secret Service. No funds are thought to have been stolen.

It's not yet clear how hackers were able to breach the bank's network, or what information was specifically taken. But the concern is that though card data is encrypted, personal data may have been stored in plain text files.

Social security data and birth dates are not understood to have been taken, but a "small amount" of other data may have been. The bank did not elaborate.

In a statement published by the Louisiana Commissioner of Administration Kristy Nichols, as one of the states requiring banks to notify customers of a data loss or breach: "The data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online.

She added the government will "hold JP Morgan Chase responsible" to ensure state citizen data is protected.

The total number of those affected account for about 2 percent of its roughly 25 million UCard users.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Revised Ad Line

    Who's in your wallet?
  • Breaking news 4 months late.

    I know nobody on Wall Street gets prosecuted for crimes, but how about a major customer boycott for a company that doesn't report customer data theft till four months after it occurs.
  • Round up the usual suspects...

    I'm curious to see how Louisiana plans to "hold JP Morgan Chase responsible," since the state and federal govenments have done such a bang-up job of accountability so far...
  • Unaceptable

    I want Congress to go after them really hard. Back when Sony was attacked Congress did so go after these guys. Why did it take two months for this to even come out? This is even bigger than the Sony attack. A financial company should know what they're doing when it comes to network security. Someone better check everything out on their network. They probably have lots of issues.
  • OS unknown for the particular site. (U Card) runs F5 BIG-IP with Big IP Web Server.

    Sounds like an inside job.
  • A quarter billion security budget

    If this isn't a wake-up call to all corporations as to taking security seriously I don't what is. I'm just waiting for that watershed moment when a major cloud provider gets compromised and has to file an incident report and notify all it's customers. Maybe they can offer a new platform Hackers as a service HaaS.