US based banking and financial services firm JPMorgan Chase has warned its prepaid card users that personal information of about 465,000 accounts may have been accessed following a cyber attack on its network in July.
According to reports, the cards were issued by the bank to companies to pay employees corporations and for government agencies to credit tax refunds and unemployment compensation.
The company said that its web servers used by its site www.ucard.chase.com had been compromised in the middle of September.
JPMorgan spokesman Michael Fusco was quoted by Reuters saying that the bank is trying to find out which accounts have been breached and what information has been stolen in the breach.
During the breach, personal data of some card holders briefly appeared in plain text in computers used for to log activity though the personal information is usually kept encrypted and scrambled to ensure security.
According to the bank, "a small amount" of data has been stolen which excludes critical personal information such as social security numbers, birth dates and email addresses.
The bank is in the process of notifying about 2% of its 25 million UCard users including users in the states of Louisiana and Connecticut.
Louisiana commissioner of Administration Kristy Nichols said that three state agencies have been notified by JP Morgan Chase that a data breach may have exposed the personal information of certain Louisiana citizens.
The state agencies included Louisiana Department of Revenue (LDR), the Louisiana Workforce Commission (LWC), and the Louisiana Department of Children and Family Services (DCFS).
Nichols said, "About 6,000 Louisiana recipients of a pre-loaded debit card used by LDR to distribute state income tax refunds could have been compromised, as well as approximately 5,300 DCFS child support debit cardholders and about 2,200 Louisianans receiving unemployment benefits via a JP Morgan Chase debit card.
"Through a contract with the Louisiana Department of the Treasury, JPMorgan Chase issues debit cards for certain state agencies, including LDR, DCFS and LWC," Nichols added.
"According to the bank, the data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online."