According to the Reuters, the cyber attack happened back in July on their UCARD website "www.ucard.chase.com". However, the breach was only detected in the mid-September.
The company says the personal info of customers are encrypted. However, during the cyber attack, some data temporarily "appeared in plain text in files the computers use to log activity".
Though small amount of data was accessed, the company found no evidence showing that sensitive data such social security number, email id,date of birth were compromised.
Only Ucard users are affected by this security breach, others are not affected. Affected customers are being offered free credit-monitoring services for one year.
The company says it has fixed the issued and FBI & Secret service are investigation the incident to find out the attackers behind the breach.