Computer servers owned by JPMorgan Chase Bank have been breached. The financial institution alerted high-end jewelry company Tiffany & Co because the affected machines contained the personal details of some employees.“We recently were informed by JPMorgan Chase Bank, N.A. (“Chase”) that there was unauthorized access to Chase’s computer servers containing personal information of some Tiffany & Co. employees,” Ewa Abrams, Tiffany’s chief privacy officer, wrote in a letter dated September 5 to the New Hampshire Attorney General.
“Chase told us that the affected servers, which contained certain information provided in connection with a Tiffany employee travel expense reimbursement system, contained information such as names, addresses, Social Security numbers and banking information,” Abrams added.
The bank has told the company that it has no reason to believe that the sensitive information has been copied or misused.
Furthermore, the financial institution shut down the affected servers and upgraded its security systems to prevent such incidents from occurring in the future.
Tiffany also sent out letters to the impacted individuals – apparently there are “approximately” three employees from New Hampshire – advising them to be on the lookout for any suspicious transactions.
They also recommend that potential victims order credit reporting and register for credit monitoring services from ITAC Sentinel. Chase will support the costs of the service for a period of one year.
This isn’t the only security issue Chase has had to deal with in the past period. Last week, the bank was forced to shut down its website after Muslim hackers launched a distributed denial-of-service attack against it.
Bank of America is also experiencing some problems these days. Besides the fact that it was also a target of hacktivists, experts identified a glitch in the bank’s systems which exposes the names, bank account details, balances, and email addresses of random users.
Update. The article has been updated to clarify the fact that it's uncertain if the "unauthorized access" was in fact the work of hackers. As databreaches.net highlights, the incident may have been caused by a piece of malware, hackers, or an employee of the financial institution.