A California woman was left appalled after finding out that Chase bank allowed dozens of strangers to be authorized users of her credit card - all without her knowledge.
Jodi Hayes, from Walnut Creek, was on a cruise ship vacation when she and her husband received an 'informed delivery' email from the U.S. Postal Service.
But the delivery was nothing she could've expected.
Thirty-five credit cards, all of which were in other people's names, showed up in her mail, ABC 7 reported.
Even worse - none of them were friends or family. They were names she had never even heard before. These 35 authorized users had the power to charge up to $19,000 on her card.
Jodi Hayes, from Walnut Creek, California, was shocked to find out on her vacation that 35 people had been added to her credit card as authorized users
Hayes called Chase bank while still on a cruise ship to ask what happened - but they didn't seem worried about the incident and attributed the mix-up to their systems glitching
They also had the ability to use the card and get up to $950 cash back.
'This fiasco ruined the end of our vacation,' Hayes told ABC 7.
Hayes and her husband were vacationing in August when they got the suspicious email, which prompted her to get in touch with Chase bank while still on the boat.
But she said Chase didn't seem too worried about the ordeal. In fact, according to her, they acted very normal toward the entire situation, attributing the mix-up to their systems.
'They were just very basic - oh okay yeah. Maybe it's some computer glitch. We'll stop it,' she added.
Chase also put her in touch with their fraud department who ended up calling her when she returned back from vacation.
Hayes assumed that the department would ask her more questions about the people who were now authorized under her own credit card. She even hoped that they would open an investigation into exactly what happened.
The authorized users that were under Hayes' credit card had the power to charge $19,000 on the card as well as use the card to get up to $950 cash back
Hayes ended up receiving applications from a slew of other banks - including Capital One, Discover and Citi Bank
But similar to Chase, the fraud department's response to the severity of the situation left her feeling unsatisfied at the way it was being handled.
They left her with zero explanation, telling her 'we'll take care of it, we'll send you a new card and a new number', Hayes added.
Frustrated by the companies responses, she called 7 On Your Side - an investigative branch of ABC News.
From there, Hayes was then put in touch with the United States Postal Inspection Service.
'My immediate reaction is that sounds like an identity fraud scheme,' said a U.S. Postal Inspector, Matthew Norfleet, to ABC 7.
'Search warrants, surveillance, grand jury subpoenas, those are all tools that we use to investigate fraud schemes big and small,' he added.
As recently as April of this year, National Public Data - which aggregates data to provide background checks - confirmed that it had suffered from a massive data breach involving Social Security numbers and a slew of other personal data on millions of Americans, according to USA Today.
News about the incident first came from a class action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida.
That's when it was discovered that 2.9 billion records were stolen from National Public Data - the records including names, addresses, Social Security numbers and even relatives dating back to at least three decades.
But the scheme was even bigger than it looked. It didn't end with just Chase.
Hayes received an application from almost every bank - including Capital One, Discover and Citi Bank, ABC 7 added.
Thankfully, all of the cards were denied due to not having enough credit history.
'All of these names are the same as some of the people on the credit cards they sent. A lot of repeated names. Brittany Jackson like four times,' Hayes added.
Chase got Hayes in touch with their fraud department, whose response also left her unsatisfied - she hoped for an investigation, but instead they said they'd send over a new card
When reading off the names of the authorized users on her own credit card, none of the names sounded familiar until applications kept appearing and names started to repeat
Luckily, Hayes had a lockbox on her mailbox - keeping her mail and personal documents less prone to crime and significantly more secure than those without - and informed delivery.
In a statement that was emailed to 7 On Your Side Investigates, a Chase spokesperson wrote: 'We monitor customer accounts for suspicious activity and promptly contact them if something unusual is detected.'
'In this instance, our vigilant customer alerted us first. We closed the unauthorized cards, issued a new account and card and apologized for the inconvenience caused during her vacation.'
As of now, Hayes froze her credit card.
But the worst part is that the perpetrators could be anywhere - overseas or even right next door.
U.S. Postal Inspector, Matthew Norfleet, said that the second he heard of the incident, it instantly sounded like an identity fraud scheme. Pictured: JPMorganChase world headquarters
Thankfully, Hayes has 'informed delivery alerts' - which lets you know when mail is heading your way - and a lockbox on her mailbox, but the scheme still ruined her vacation
'Once somebody's figured out a fraud scheme, they are going to do it as many times as they can,' Norfleet added.
He noted that using the mail to commit any type of fraud scheme is a crime - one that carries up to 20 years.
If Hayes never had a lock box and 'informed delivery' - an alert that lets you know when mail is heading your way - the outcome of the situation could've gone very differently.
The U.S. Postal Service recommends both of the safeguards and noted that while you're traveling, it's always safer to have mail held at the post office until you return home.
At the end of the day, no mailbox is safe from an attempted fraud scheme.
'I have good credit, but I've never seen anything like this ever,' Hayes added.