Breach. It’s a word that strikes fear in the hearts of company CEOs, bankers and consumer protection officials everywhere.
The breach of J.P. Morgan Chase and Company’s computer data may have affected as many as 465,000 consumers. But it’s the company’s response — rather than the breach itself — that is drawing the most media attention.
The breach occurred sometime in July and affected data on holders of U-Cards. Those are debit cards Chase issues to a variety of government bodies to pay claimants of unemployment insurance and other benefits. In Maine, roughly 1,300 people who collect unemployment benefits via the U-Cards may have been affected.
Data on claimants is usually encrypted in the Chase servers. However, during the breach some of that data appeared as plain text, there for the hackers to read. The data may have included claimants’ card numbers, dates of birth, user ID and email addresses. Their personal identification numbers apparently could not be viewed.
Maine uses unique identifiers, rather than Social Security numbers, to identify recipients. While many people whose data were accessed might understandably be concerned about their data being misused, the lack of connection to their SSNs should offer some comfort.
That does not mean those claimants should have no concerns. The Maine Department of Labor, which was informed Dec. 4 of the breach, is advising people who have the U-Cards to check their accounts for any suspicious activity. While state officials don’t believe the breach resulted in any loss of funds, they can’t check individual accounts; they suggest recipients call Chase’s customer service number at 866-315-1011 to be sure.
Chase officials have said, since there was no loss of funds, they don’t plan to issue new cards to those whose data were involved in the breach. Chase spokesman Michael Fusco is quoted as saying the bank acted appropriately.
“When we detected this issue, our first priority was to protect our systems, cardholders’ data and accounts,” Fusco said. After an internal investigation to find out what accounts and data might have been exposed, Chase alerted authorities and started notifying affected cardholders.
The word didn’t reach the Maine Department of Labor until Dec. 4, although the breach was discovered in mid-September. That gap did not make people like Labor Commissioner Jeanne Paquette happy. “The Department of Labor is looking into the situation surrounding the breach and why we were not informed sooner of this event,” Paquette said in a news release Dec. 6.
Maine law requires notification of those whose data were breached “without unreasonable delay” or, when law enforcement officials advise that notification will no longer impede their investigation, within seven days. Some consumer advocates are suspicious of longer delays, suspecting that companies whose data have been breached may shop around for sympathetic cops to approve delays while the firms get their ducks in a row.
The investigation into the Chase breach is continuing. Affected Mainers might also want to get a free credit report (we’re entitled to one each year from the three reporting agencies). Find the free ones online at www.AnnualCreditReport.com.
Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit http://necontact.wordpress.com or email firstname.lastname@example.org.