14 DAY TRIAL // The personal information of around 465,000 JPMorgan Chase customers might have been stolen by cybercriminals who managed to breach the company’s web servers used to host the ucard.chase.com website.
According to Reuters, the attackers breached the website dedicated to UCard customers sometime in July. The attack was detected only in the middle of September.
The financial organization says it keeps customer information encrypted. However, the hackers might have obtained some details from the log files created while they had access to the servers.
JPMorgan says there’s no evidence that sensitive information such as social security numbers, email addresses or birth dates have been obtained by the cybercriminals. The company has also revealed that no money has been stolen.
Impacted individuals are being offered free credit monitoring services for one year. However, cards are not being replaced.
It’s worth noting that only UCard users are impacted. A bank representative has told Reuters that the 465,000 impacted individuals represent only 2% of the total of 25 million UCard holders.
JPMorgan has only started notifying customers now because since the breach was discovered, it has worked on investigating the incident.
The bank has refused to reveal how the attackers breached its systems. However, they’re confident that the vulnerabilities they exploited have been fixed.
It’s uncertain who the attackers are, but the FBI and the Secret Service have launched an investigation into the matter.
It’s worth noting that JPMorgan Chase issues UCards to government agencies and corporations, which use them to pay employees.
The impacted organizations have not been named by the bank, but KATC has reported that three Louisiana state agencies have been notified – namely the Louisiana Department of Revenue, the Louisiana Workforce Commission, and the Louisiana Department of Children and Family Services.