The CotoBuzz Journal, Community Journalism

"The security of your information is important to us and we strive to handle it with care and discretion at all times", reads a letter date January 12, 2010 sent using CHASE's stationary and signed by Bo Davies, Director National Client Service Center, the letter then continues: "We are writing to let you know that your name, address and account number(s) may have been viewed inappropriately".

Do not fear however, because the institution, "As soon as the error was discovered, the file was removed from the website". Not only that, but Chase, "...as a precaution, we want to offer you one year of Chase Identity Protection™ , a credit monitoring service, free of charge." The rest of the letter makes the argument as to why it is important for anyone to purchase the Chase service, and includes an application for the Chase Identity Protection™. If the recipient decided to take Chase up on the offer, a slip is including requesting a signature and a social security number.

So, is this a hoax? Or is this simply a convenient breach of security to promote Chase's protection plan? As of this writing we do not know. We have asked Chase to confirm the letters originated with Chase.

As suggested by the Chase.com website, we sent an email to "Chase Risk" <accountatrisk@chase.com>, given that the letter seemed somewhat suspicious. Today we received a response from Chase Risk stating in part "Although the e-mail appears to be from Chase, it is not. It has been designed by fraudsters with the intent to trick you into providing private information about yourself and your accounts. It works like this: Phishers target the customers of large companies. They phish millions of e-mail accounts, knowing that many of their targets will be among the recipients. In the process, they end up sending an email to many people who aren't customers."

The response appears to be simply a canned answer, as it does not acknowledge that the questionable document is a Chase letter, as opposed to an email. So, we decided to see if we could get a live person.

We dialed 800-678-1874, the number listed in the original Chase letter, "if you have any questions on this matter". A person promptly responded and without hesitation told us the questionable letter indeed came from Chase. He informed us that late last year, the letter mailing service used by Chase posted names, address and account numbers on a website, compromising the privacy of Chase customers, which is why Chase was offering free for one year, the Chase Identity Protection service.

We asked the gentleman why "Chase Risk" <accountatrisk@chase.com> had informed us that the letter was a scam, and the reply in essence was, "you have to know the right person".

If we compromise your security, get our monitoring services!

The question remains: is this a hoax? Or is this simply a convenient breach of security to promote Chase's protection plan? Given what we now know, we are even more concerned about privacy!

Hoax Or Convenient Security Breach? UPDATE