Nearly half a million JPMorgan customers could have had their personal information accessed by hackers after cyber attacks targeted thousands of pre-paid card users.
JPM announced that its web servers used by its site www.ucard.chase.com had been breached in the middle of September but the bank said pre-paid cardholders' information was also accessed in July.
JPM confirmed that these types of cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.
It also said that JPM typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution.
However, JPM tried to quell customer concerns by stating that "only a small amount of information" had been taken and that this does not include social security numbers, birth dates and email addresses.
This is despite personal data belonging to those customers temporarily appearing in plain text in files the computers use to log activity.
US based JPM spokesman Michael Fusco said "in the months since the breach was discovered the bank has been investigating to find out exactly which accounts were involved and what pieces of information could have been taken."
However the bank declined from discussing how the hackers breached JPM's network.
Fusco added that the bank is notifying the cardholders, who represent 2% of its roughly 25 million UCard users.
In May of this year US prosecutors said a global cybercrime ring had stolen $45m from banks across 27 countries by hacking into credit card processing firms and withdrawing money via ATMs.