NEW YORK, N.Y. – JPMorgan Chase & Co. said Thursday that about 465,000 users of a prepaid cash card may have had their personal information hacked.
The bank’s UCard is used in corporate or government prepaid benefit programs, such as food stamps, unemployment benefits, or tax refunds. Corporations use UCard to pay workers who don’t have checking accounts.
The hackers breached the UCard website from mid-July to mid-September, said Michael Fusco, a spokesman for JPMorgan. While it’s unclear what data was accessed, next week the bank plans to notify all customers who logged into the website during that time to tell them the information they provided may have been compromised.
So far, the bank has found no evidence the information accessed was used improperly and customers can continue to use their cards, he said. The affected cardholders will also be offered credit monitoring services, he said.
The State of Pennsylvania Treasury Department, one of the state government agencies using UCard, said the types of information possibly accessed are customers’ UCard number, their date of birth, user ID, and email address. The Pennsylvania Treasury said 26,000 accounts were compromised.
The Pennsylvania Treasury said JPMorgan Chase was unable to explain how the breach occurred and the breach has been referred to law enforcement.
Fusco said the bank notified the U.S. Secret Service and FBI and does not know who breached the site.
A statement from Connecticut State Treasurer Denise Nappier said about 14,300 accounts were affected in Connecticut.
The breach does not affect banking customers who have credit or debit cards, or customers of the prepaid Chase Liquid card, according to the bank.