Louisiana Agencies Notified of Breach Across Certain JPMorgan Chase Systems; Breach Not Confined to Louisiana (Update1)
Press release issued by Commissioner Kristy Nichols:
BATON ROUGE – Commissioner Kristy Nichols announced that three Louisiana state agencies were notified by JP Morgan Chase today that a data breach may have exposed the personal information of certain Louisiana citizens. The Louisiana Department of Revenue (LDR), the Louisiana Workforce Commission (LWC), and the Louisiana Department of Children and Family Services (DCFS) received information that computer hackers had penetrated Chase’s computer security systems. JP Morgan Chase officials have indicated that this breach is not an issue isolated to Louisiana.
“About 6,000 Louisiana recipients of a pre-loaded debit card used by LDR to distribute state income tax refunds could have been compromised, as well as approximately 5,300 DCFS child support debit cardholders and about 2,200 Louisianans receiving unemployment benefits via a JP Morgan Chase debit card. Through a contract with the Louisiana Department of the Treasury, JPMorgan Chase issues debit cards for certain state agencies, including LDR, DCFS and LWC.
“According to the bank, the data exposure affects only cardholders who registered their cards on the JPMorgan UCard Center website and, between July and September 2013, performed certain actions online. JPMorgan is notifying each affected cardholder by email of the specific manner in which their information was compromised. JP Morgan Chase states that there is no evidence that the information has been fraudulently used, and they continue to monitor the security status for all cardholders involved.. An investigation as to the causes of this security violation is ongoing.
“‘We will be working with law enforcement officials as this investigation continues,’ stated Commissioner of Administration Kristy Nichols. ‘We will hold JP Morgan Chase responsible to make certain that the rights and personal privacy of these Louisiana citizens is protected.'”
There is no statement on Chase’s UCard center site at the time of this posting.
Update 1: Reuters puts the number affected as 465,000.