Sources tell us that high exposure and open source software led to the breach

Dec 9, 2013 07:41 GMT

Last week, JPMorgan Chase revealed that around 465,000 UCard customers might have had their information compromised after hackers gained unauthorized access to the company’s systems. Officials in Connecticut are unhappy about the fact that it took the bank such a long time to notify them.

The cybercriminals had access to the UCard servers between July and September. However, the financial organization only started notifying impacted customers, including the state of Connecticut, in early December.

According to the Journal Inquirer, Deputy State Treasurer Christine Shaw has noted that they’re concerned about the period between September and December.

JPMorgan representatives argue that they only started alerting customers in December because it took them two months to investigate the incident and determine what data had been accessed.

The bank keeps customer data encrypted. However, the attackers could have gained access to information stored in log files.

UCards are usually utilized by companies to pay their employees and by government agencies for various payments. Connecticut uses them for child support, tax refunds and unemployment compensation. Over 14,000 residents are said to be affected.

Under its contract with the state, JPMorgan is supposed to report data breaches much more quickly than it did in this particular case.

State Treasurer Denise L. Nappier noted last week that the case was referred to the Attorney General’s Office.

One source, who wants to remain anonymous, has told Softpedia that the data breach can be blamed on two things.

One of them is the fact that the compromised servers resided in ESF, which is Tier 3 within the JPMorgan Chase network architecture. This is considered a high exposure risk.

Secondly, our source tells us that the bank has utilized open source software, which “despite voiced reluctance from related internal teams, was installed at the behest of architects and Global Technology (GTI).”

We haven’t been able to verify the information.