SALT LAKE CITY -- Some of Utah's Department of Workforce Services customers have been affected by a recent data breach.
A statement issued Friday by the state agency said that JPMorgan Chase, the contractor in charge of delivering federal and state benefits through the electronic UCard, confirmed that the breach had occurred on the bank's servers, allowing personal information of UCard users to be inappropriately accessed between July 17 and Sept. 17.
The UCard is an electronic payment card loaded with funds for training, unemployment insurance and payroll for some state employees.
Nic Dunn, public information officer for DWS, said the agency has contracted with JPMorgan since 2009.
"JPMorgan told us it doesn't look like any money was stolen," Dunn said. "They shut down their servers on Sept. 17 and began an investigation process."
The breach affects UCard users in other states as well. Utah's pool of affected customers falls somewhere between 3,000 and 97,000, Dunn said.
"They couldn't tell us the number in that range," Dunn said, so DWS Executive Director Jon Pierpont asked JPMorgan to send notices to all of its UCard holders.
Most DWS customers should be fine, Dunn said, noting that clients receiving food stamp benefits are not affected by the breach. He also underscored that the problem had nothing to do with the DWS network itself.
"The department is committed to protecting Utahns' personal information," Pierpont said in Friday's statement, "and will work closely with JPMorgan to do everything possible to protect the security of our customers."
Pierpont also expressed frustration about the breach of the bank's servers and said that DWS is carefully reviewing its relationship with JPMorgan.
"Our No. 1 priority is providing secure, quality service to our customers, and we will work to ensure all our private sector partners maintain that standard," Pierpont said.
The department said it will release more details about the breach as they emerge. In the meantime, DWS is urging UCard customers seeking more information to contact JPMorgan directly at 866-849-5255.
JPMorgan spokesman Michael Fusco said via email Friday that they'd found no evidence of the information being used improperly.
"We will continue to monitor," Fusco said. "As a precaution, we will notify all affected cardholders and offer them free credit monitoring."
The bank is urging cardholders to report any transactions they don't recognize by calling the number on the back of their card.
Earlier this week, Reuters reported that a JPMorgan spokesman said that 465,000 UCard users nationwide may have had some personal information compromised due to hacking. At that time, the bank believed only a small amount of noncritical data might have been taken. Theft of Social Security numbers and birth dates had not been definitively ruled out.
The bank has promised one free year of credit monitoring to those affected by the breach, Dunn said. Customers can also request replacement UCards.
Contact reporter Cathy McKitrick at 801-625-4214 or firstname.lastname@example.org. Follow her on Twitter at @catmck.