JP Morgan has warned almost half a million of its pre-paid cash card users their personal information may have been stolen in a hacker attack.

The bank believes critical information like social security numbers; birth dates and email addresses were not affected. Such data is used in identity theft, allowing criminals to open bank accounts and obtain credit cards.

Client information is securely encrypted or scrambled, but the central computer’s log activity temporarily appears in plain text files, and this is what was hacked.

The 465,000 affected UCards are used by corporations to pay salaries and by government agencies to issue tax refunds, unemployment compensation and other benefits.

Holders of debit cards, credit cards or prepaid Liquid cards were not affected.

The number of cardholders affected is about 2 percent of the 25 million UCard users.

The hackers attacked servers belonging to JP Morgan’s UCard website in July, and the breach was detected in September, Reuters reports. At the time the bank fixed the loophole and reported the attack to the authorities.

The FBI and Secret Service are investigating the matter, and the Bank says it has no clue who is behind the attack.

JPMorgan has decided not to issue replacement cards, as so far no thefts from accounts or other crimes have been detected.