Privacy Ninja

Chase Bank Accidentally Leaked Customer Info to Other Customers

Chase Bank Accidentally Leaked Customer Info to Other Customers

Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers.

New York City-based JPMorgan Chase Bank is a financial services giant with a $120 billion annual revenue and over 250,000 employees worldwide.

Banking statements, account numbers and balances exposed

Personal details of Chase bank customers including statements, transaction list, names, and account numbers were potentially exposed to other Chase banking members.

The issue is believed to have lasted between May 24th and July 14th this year, and impacted both online banking and Chase Mobile app customers who shared similar information.

In a copy of the data incident notice seen by BleepingComputer, shown below, Chase blamed a “technical issue” for this mishap.

“We learned of a technical issue here that may have mistakenly allowed another customer with similar personal information to see your account information on chase.com or in the Chase Mobile app, or receive your account statements,” states the notice.

It isn’t imminently clear how or under what circumstances was a customer able to see other customers’ private information.

The notice is also vague on whether the issue impacted a specific group: credit card holders, personal or business banking customers—or everyone.

Chase Bank has found no evidence thus far indicating that the information was misused.

Also Read: 4 Reasons to Outsource Penetration Testing Services

Affected customers provided with free credit monitoring

As a standard industry practice, Chase Bank is in the process of notifying the affected individuals and providing them with free credit monitoring services.

“We are sorry for letting you down and would like to offer you one year of free credit monitoring through Experian’s® IdentityWorks®,” states Chase.

Affected customers will receive a unique activation code in the data incident notification letter that they can use to signup for the service.

In 2014, the banking giant was hit by a massive data breach which is believed to have compromised data of over 83 million accounts, raising concerns about phishing attacks.

Although there is no indication of data misuse associated with this incident so far, individuals should remain vigilant and be on the lookout for any “Chase” phishing emails they may receive in the near future.

BleepingComputer has asked Chase specific questions including how many customers were impacted by this issue and what was its cause. We are awaiting their response.

Also Read: Vulnerability Assessment vs Penetration Testing: Why You Need Both

Header image from Wikipedia, licensed CC-BY-SA 3.0.

Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.

Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Powered by WhatsApp Chat

× Chat with us