Up to 465,000 affected in JPMorgan Chase hack

Hackers may have accessed the personal information of up to 465,000 holders of cash cards from JPMorgan Chase & Co in an attack on the bank’s network in July.

According to Reuters, the bank said it realised in September that the web servers behind its site www.ucard.chase.com had been breached, and subsequently fixed the issue and reported the attack to law enforcement. The US’s Secret Service and FBI are said to be investigating the attack.

Reuters said that while the bank typically keeps customers’ personal information encrypted, personal data belonging to some customers temporarily appeared in plaintext in files used to log activity during the attack. The bank reportedly believes that a “small amount” of data was taken.

A JPMorgan Chase spokesperson said hackers were able to view a “small file of data”, according to the WSJ.

The bank doesn’t know what was in the file, but “bank officials believe it was too small to include critical personal information such as social security, card, phone or account numbers, addresses, names or dates of birth for individual card holders. But the bank also can’t rule out that such information was compromised”, the WSJ reported.

JP Morgan Chase spokesman Michael Fusco said the bank is notifying the 465,000 cardholders that may be affected of the breach. The warning apparently only applies to the bank’s UCard users - not users of the bank’s debit cards, credit cards or prepaid Liquid cards.

According to Fusco, the bank had not found that any funds were stolen as a result of the attack.