US banking giant Chase & Co has alerted 465,000 prepaid cash card holders that hackers may have gained access to their personal information.
Hackers attacked the bank’s network in July 2013, but Chase revealed on 04 December that it detected the breach in its www.ucard.chase.com site in mid September.
The cards in question had been issued to both governments and corporations, to enable them to pay employees, issue tax refunds, pay unemployment compensations and benefits.
Once the breach was discovered, it was fixed and reported to law enforcement, claimed the bank.
Michael Fuso, a spokesman for Chase, revealed the bank has been investigating the breach to determine which accounts were targeted and any information that might have been compromised, but refused to reveal how the hackers were able to overcome the bank’s network.
The cardholders affected constitute around 2% of Chase’s 35m Ucard customers, and the bank is in the process of notifying them.
According to Fuso, despite the fact that personal information is usually stored in encrypted form as a security precaution by Chase, during the the attack the data had temporarily appeared in plain text within the computer activity log files, sparking breach concerns.
The bank said it believes the amount of data taken to be ‘small’, and not constitutive of critical personal information such as birth dates, email addresses and social security details.
Chase also revealed it will also be offering cardholders a year of free credit-monitoring services in response to the breach.