Chase Bank Accidentally Leaked Customer Info to Other Customers

Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers.

New York City-based JPMorgan Chase Bank is a financial services giant with a $120 billion annual revenue and over 250,000 employees worldwide.

Banking statements, account numbers and balances exposed

Personal details of Chase bank customers including statements, transaction list, names, and account numbers were potentially exposed to other Chase banking members.

The issue is believed to have lasted between May 24th and July 14th this year, and impacted both online banking and Chase Mobile app customers who shared similar information.

In a copy of the data incident notice seen by BleepingComputer, shown below, Chase blamed a “technical issue” for this mishap.

“We learned of a technical issue here that may have mistakenly allowed another customer with similar personal information to see your account information on chase.com or in the Chase Mobile app, or receive your account statements,” states the notice.

It isn’t imminently clear how or under what circumstances was a customer able to see other customers’ private information.

The notice is also vague on whether the issue impacted a specific group: credit card holders, personal or business banking customers—or everyone.

Chase Bank has found no evidence thus far indicating that the information was misused.

Also Read: 4 Reasons to Outsource Penetration Testing Services

Affected customers provided with free credit monitoring

As a standard industry practice, Chase Bank is in the process of notifying the affected individuals and providing them with free credit monitoring services.

“We are sorry for letting you down and would like to offer you one year of free credit monitoring through Experian’s® IdentityWorks®,” states Chase.

Affected customers will receive a unique activation code in the data incident notification letter that they can use to signup for the service.

In 2014, the banking giant was hit by a massive data breach which is believed to have compromised data of over 83 million accounts, raising concerns about phishing attacks.

Although there is no indication of data misuse associated with this incident so far, individuals should remain vigilant and be on the lookout for any “Chase” phishing emails they may receive in the near future.

BleepingComputer has asked Chase specific questions including how many customers were impacted by this issue and what was its cause. We are awaiting their response.

Also Read: Vulnerability Assessment vs Penetration Testing: Why You Need Both

Header image from Wikipedia, licensed CC-BY-SA 3.0.