Threatwatch

Data on 465,000 tax refund and benefits debit cardholders hacked

Network intrusion

Card issuer JPMorgan discovered an intrusion on web servers used by the site www.ucard.chase.com.

Corporations pay employees and the government issues tax refunds, unemployment compensation and other benefits using the cards.

Hackers attacked the bank’s network in July, the bank discovered the incident in September, and the public found out in December.

“Bank spokesman Michael Fusco said that since the breach was discovered, the bank has been trying to find out exactly which accounts were involved and what information may have been compromised. He declined to discuss how the attackers breached the bank's network,” Reuters reports.

The affected individuals account for about 2 percent of JPMorgan’s roughly 25 million UCard users.

The bank typically keeps the personal information of its customers encrypted, but “during the course of the breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity,” according to Reuters.

The bank does not believe critical personal information such as social security numbers, birth dates and email addresses was taken.

Fusco said the bank is unaware of any stolen funds and it has no evidence that other crimes have been committed.

The spokesman declined to identify the government agencies and businesses whose customers it has warned about the breach – or how the hackers got in.

Officials from Louisiana and Connecticut said the bank notified them this week that personal information of some of their citizens may have been exposed.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

sector

Financial Services; Government (U.S.)

reported

December 5, 2013

reported by

Reuters

number affected

465,000 debit cardholders

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

July 2013

date breach detected

September 2013