Albany
Approximately 40,000 welfare, food stamp and unemployment recipients were told this month that their electronic benefit card information may have been viewed by hackers.
There's no evidence that anyone actually suffered a loss from the electronic intrusion, but officials are wondering why the major bank that administers the cards, J.P. Morgan Chase, took nearly three months to tell them about the breach.
The potential breach occurred between July 17 and Sept. 17.
It involved an estimated 465,000 people nationwide after unencrypted personal data for cash card holders showed up on a site maintained by the bank for its UCard cash card system.
If someone accessed the site and, for example, entered an address change or other update, it briefly showed up in a form that was not encoded. Normally, personal information on the site is encrypted.
The data was not believed to include
Social Security numbers and led to no known theft or loss of money.
The potential breach was reported by Reuters in early December, around the same time state officials said they were notified.
Other states, including Connecticut and Louisiana, also use the system for services like welfare payments as well as income tax refunds.
J.P. Morgan Chase spokesman
Michael Fusco said they initially focused their effort on dealing with the potential breach.
"When we detected the issue, our first priority was to protect the system," he said. "We quickly fixed the issue and began an extensive investigation to find out what happened."
The bank this month emailed cardholders who might have been affected, Fusco said, stressing that no one has reported any improper use of their cards.
Additionally, the bank will offer two years of free credit monitoring for people who may have had their data viewed.
Still, the episode has left state officials in New York as well as other states wondering why they weren't immediately informed.
"The State is awaiting an explanation from Chase as to why the State and its departments were not informed until December 3 of the potential security breach that was discovered in mid-September," a statement on the Labor Department website said.
"We believe it would have been appropriate for J.P. Morgan Chase to notify us immediately and we are currently assessing the matter further," Labor spokesman
Chris White said in an email.
A hotline to answer customer questions is available at 866-849-5255.
No comments:
Post a Comment