JPMorgan Warns 450,000 Prepaid Cardholders of Data Breach

Comment (1)
Partner Insights

JPMorgan Chase is warning 465,000 holders of prepaid cash cards that their personal information may have been accessed by hackers who attacked the bank's network earlier this year, Reuters reports.

These cards were issued on behalf of government and corporate card clients and used for things like tax refunds, unemployment compensation and other benefits. The breach affected the online portal such customers use,, between July and September of this year. An unknown number of hackers were able to access customers' prepaid card data.

Kristy Nichols, Commissioner of Louisiana, announced Wednesday that three Louisiana state agencies had been notified by the bank that a data breach may have exposed the personal information of certain Louisiana citizens. The Louisiana Department of Revenue, the Louisiana Workforce Commission and the Louisiana Department of Children and Family Services received notice that computer hackers had penetrated Chase's computer security systems.

About 6,000 Louisiana recipients of a pre-loaded debit card used by the state's department of revenue to distribute state income tax refunds could have been compromised, as well as approximately 5,300 child support debit cardholders and about 2,200 Louisianans receiving unemployment benefits via a JP Morgan Chase debit card, Nichols said.

JPMorgan said that when the bank became aware of the breach, it fixed the issue and reported it to law enforcement. Since then it has been investigating which cardholders may have been affected and how.

According to Reuters:

The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.
The bank believes "a small amount" of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.

The bank also told the news agency it is offering the cardholders a year of free credit-monitoring services and that it has not found that any funds were stolen as a result of the breach, nor does it have evidence that other crimes have been committed.


(1) Comment



Top 8 Tweets from the Digital Banking Summit

Financial services technologists discussed the innovations and trends transforming the industry at last week's Digital Banking Summit in Los Angeles. Here are eight tweets that capture the key themes from the three-day fintech confab.

Comments (1)
As I understand this correctly, it took Chase roughly 2 months to notice that cardholder data had been hacked and then another 3 months for the bank to start notifying cardholders. By what standard could this be considered acceptable card management and customer care practice? Shouldn't cardholders have be warned as soon as the suspected hack was discovered, rather than 5 months later??
Posted by jim_wells | Friday, December 06 2013 at 12:20PM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Already a subscriber? Log in here
Please note you must now log in with your email address and password.