About 465,000 individuals using prepaid cash cards issued by JPMorgan Chase may have had their personal data exposed in a breach, the financial giant has disclosed.
"Seems to me that the last few years have established that no one is too big, too powerful, or too well-secured to suffer an attack or leakage," said David Harley, a senior research fellow at ESET.
A JPMorgan Chase spokesperson told Reuters that the bank was still investigating to identify which accounts were involved and what information may have been compromised as part of the breach. While "a small amount" of data was taken and card numbers may have been exposed, JPMorgan Chase told Reuters it did not believe critical personal information such as birth dates and email addresses had been exposed.
Even so, JPMorgan is now notifying its cardholders, with affected individuals receiving email messages starting on Monday. The notification process is expected to take a few days.
The finance group detected the breach in the web server for www.ucard.chase.com in the middle of September, according to the Reuters report. The bank declined to reveal any details about how the breach occurred but said the issue has been fixed. What's worrying about the incident is that while the bank encrypts personal information stored on its servers, some of the data may show up in plain text in the server log files.
It's important that organisations train employees to recognise attacks and enforce policies to ensure data is protected, Hurley said. "The bigger the organisation, the more difficult and expensive it is to ensure that everyone gets the full benefit of those measures," he said.