JP Morgan warns 465,000 customers that data could be exposed after cyber attack

Personal data could have been taken from web servers, says bank

JP Morgan is warning 465,000 of its prepaid cash card customers that their personal data may have been accessed by hackers who attacked the bank's network in July.

Corporations were issued the cards to pay employees, while government bodies used the cards to issue tax refunds and unemployment compensation in addition to other benefits.

In September, JP Morgan's web servers, which are used by its www.ucard.chase.com website, were breached. The bank managed to fix the issue and report it to US law enforcement.

Michael Fusco, a spokesman for the bank, told Reuters that in the months since the cyber attack, the firm has been investigating what data has been taken and which account holders have been affected.

The bank is notifying the cardholders who are affected because personal information may have also been taken from the web servers. Although personal data is usually encrypted, the bank claims that personal data for those customers had temporarily appeared in plain text files, as a way for the system to log activity.

About two per cent of its 25 million UCard users have been affected, and the bank maintains that only a "small amount" of data was taken and that did not involve critical personal information such as social security numbers, birth dates and email addresses. Funds are also understood not to have been retrieved from any of the accounts.

The bank's debit card, credit card and Liquid card holders are not affected by the attack.

The bank is offering the affected UCard holders a year of free credit-monitoring services.