SALT LAKE CITY — Utahns receiving federal and state benefits through an electronic payment card may have had personal information inappropriately accessed, the Department of Workforce Services announced Friday.
The personal information of an unknown amount of customers was accessed during a data breach at contractor JP Morgan Chase that occurred from July 17 to Sept. 17. The Utah DWS was informed of the breach this week.
"We're still working with JP Morgan to find out all of the details, we don't know exactly what may have been accessed or stolen," said Utah DWS public information officer Nic Dunn. "The type of information accessed includes potentially social security numbers, names and addresses, login passwords, card numbers and security questions for when you create that login."
The breach affects DWS customers who use a UCard, which is an electronic card that behaves like a debit card to pay for training, obtain unemployment benefits or payroll for some state employees. Around 97,000 people use UCards in Utah.
Dunn said they believe only a small number of customers had their information breached, but the DWS compelled JP Morgan to send out notices to all 97,000 customers. The notices are in the process of being sent out, he said.
An early estimate of the number of people affected was 3,000, Dunn said.
"Fortunately it doesn't look like any money was stolen or identities were stolen or that there was any other fraudulent activity with these accounts," he said.
He said their customer's security is their first priority and it is frustrating to have customers' accounts exposed because of a breach with a private contractor. The DWS will be closely examining how their relationship with JP Morgan will move forward, he said.
"These are people who come to us in a tumultuous time in their lives," Dunn said. "They're looking for a little bit of extra assistance to just help them get back on their feet so they can re-enter the workforce and we want to provide a safe, secure place for them to come and get those resources."
Customers worried about their UCard accounts should monitor their accounts for unusual activity, Dunn said. JP Morgan is going to offer one free year of credit monitoring to all of these 97,000 customers.
Those who think they may be a victim of the data breach can contact JP Morgan directly at 866-849-5255.