Personal information of nearly half a million corporate and government clients who hold prepaid cash cards issued by JPMorgan Chase & Co. (NYSE:JPM) may have been compromised in a cyberattack that took place on the bank’s network in July, the bank warned on Wednesday.
Corporations use JPMorgan’s cash card, known as UCard, to pay salaries, while government agencies use it for issuing tax refunds and unemployment benefits. JPMorgan said it discovered in September that web servers supporting its site, www.ucard.chase.com, had been hacked, potentially involving unauthorized access to the personal information of 465,000 cardholders, according to a Reuters report.
The issue was soon fixed and the incident has been brought to the attention of law enforcement authorities, JPMorgan said, adding that the bank has been trying to identify how many accounts were compromised in the attack.
About 2 percent of the 25 million UCard users could have been potentially affected and the bank is in the process of notifying the clients, Reuters reported, citing JPMorgan spokesman Michael Fusco.
The bank said only “a small amount” of data may have been accessed by outsiders and that it did not include vital information such as social security numbers and email addresses. Hackers often use such data to steal identities for obtaining credit cards or to open bank accounts, according to Reuters.
Continue Reading Below
The bank said only UCard customers were affected, and data of holders of debit cards, credit cards or prepaid Liquid cards, were not compromised in the incident.
According to JPMorgan, the Secret Service and the FBI have launched an investigation into the cyberattack, and as of now, the bank does not know who was responsible for the attack.
In May, federal authorities had revealed that a sophisticated global network of cyber-criminals stole $45 million within hours from cash machines around the world. The theft, which a U.S. prosecutor described as a “massive 21st-century bank heist” was carried out by hacking into bank databases and stealing all the information needed to withdraw money.