More than 14,000 Connecticut residents may have had their personal information compromised in a data breach from JP Morgan Chase.
The security lapse involves pre-paid debit cards issued to people who receive state payments, such as unemployment benefits, child support or tax refunds. A cyber attack on servers at JP Morgan Chase that support its U-Card website could have exposed customers' information.
Connecticut isn't the only state involved. Almost half a million accounts across the country could have been compromised.
The attacks took place over two months from mid-July, but the state has only just been notified. Connecticut's Deputy Treasurer, Christine Shaw said she's shocked it took the bank so long to contact her office. "Very surprised, very concerned," she said, "quite dismayed that we only just learned of this breach."
"There is a contract that outlines the responsibilities of JP Morgan Chase, regarding these cards," Shaw said. "Quite clearly, the company was obligated to notify the state of any breach of this nature. That is a matter that we will be taking up pointedly with the company."
JP Morgan Chase has been told to notify all affected card holders, and to offer two years of free credit monitoring.