At least one segment of the population appears immune from the JPMorgan data breach that hit 76 million households this summer: federal cardholders.
The hackers who compromised a cache of names, phone numbers, and home and email addresses did not see contact information for the 500,000 government employees who use agency-issued JPMorgan cards.
This means there is no need for federal employees to replace cards or be concerned about hackers emailing duplicitous messages to defraud them – at least in this case. If they used those cards to shop at Kmart, Target or Home Depot, whose payment systems were recently poached, that puts them in a different risk category.
Consumers and small business employees who logged onto JPMorganOnline or Chase.com were affected by the August assault. However, feds sign on through a different website, called PaymentNet.
"Federal cards issued by JPMorgan were not impacted," company spokeswoman Patricia Wexler told Nextgov.
JPMorgan, Citibank and U.S. Bank are part of a federal program called SmartPay that provides purchase, travel and fleet cards to federal employees.
Government and private investigators now “know with certainty what was compromised and what wasn’t compromised," she said.
Officials at the General Services Administration, which runs the SmartPay program, said the JPMorgan breach did not impact GSA or SmartPay government cards at all.
Some security experts say the bank attackers might have ties to Russia or another Eastern European country.
JPMorgan serves about 37 federal agencies under SmartPay, including the Environmental Protection Agency, Transportation Department and NASA, according to the company.
Separately, on Tuesday, internal EPA investigators told lawmakers at a House hearing that out of $152,602 worth of transactions sampled, more than half -- or $79,254, covered prohibited, improper or erroneous purchases. In several cases, cardholders purchased unauthorized gym memberships totaling $2,867. The missteps are unrelated to JPMorgan or the recent penetration.