This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. For an explanation of our Advertising Policy, visit this page.
On Wednesday, Chase’s website experienced a significant security issue which exposed customers’ sensitive financial data. Numerous reports from Chase customers say that they logged in only to find the account information of another Chase customer.
A report of the breach was filed by Chase customer Jason Kessler, who detailed how his fiancée logged into Chase on Wednesday to find the full account information of a person they had never met.
Given that full account access was available to those that logged in, this means that the glitch exposed all of the following data: Full name, log-in username, phone number(s), email address(es), mailing address(es), income, travel plans and any other personal information that you’ve stored in your Chase profile.
This created a situation in which some customers were notified of the glitch by receiving calls from the people who had inadvertently logged into the wrong account.
In addition to leaking personal information, those who were granted unauthorized access to accounts would have been able to see the user’s transaction history and make transfers between accounts, payments, etc.
In a statement to Bloomberg Thursday morning, Chase spokesperson Trish Wexler confirmed the issue existed and that it’s now been fixed. Wexler says Chase is “still investigating now, but at this point believe it was extremely limited in scope.” For now, the bank “knows of no unauthorized transactions, but would work with customers to resolve any problems.”
TPG reached out to Chase for comment but did not receive an immediate response.
This story has been amended to substitute the word “glitch” for “breach” in the text, as this issue was caused by a technical problem rather than a security breach.
Featured image by Roberto Machado Noa/LightRocket via Getty Images