The bank's spokesperson stated that the hackers siphoned gigabytes of information that included sensitive user data including names, physical addresses, phone numbers, and email account information along with JP Morgan Chase internal information. That being said, they didn't elaborate or define the term “internal information”.
And, according to a recent Bloomberg editorial, the password of an employee played a key role in the information security breach. Once again, no specifics were revealed about the employee or the individual's position with the company [1].
Despite the Commitment
According to a Reuters wire release in September of 2013, the Wall Street Journal's editorial coverage of security challenges affecting JP Morgan Chase, the largest U.S. bank based on assets, highlighted the banking institution's efforts to address the critical need for additional cybersecurity compliance protection to help ensure the protection of user data and the ever-increasing information security risk factors in today's business environment.
Based on the Wall Street Journal's report, JP Morgan Chase made a commitment to allocate an additional $3.9 billion-plus toward this cybersecurity problem. Additionally, the financial institution stated that it is prepared to allocate thousands of additional employees to help combat the increasing security risk challenges and compliance risk factors in response to intense regulatory investigations by authorities [2].
On the surface, all of this sounds like effective advance planning and responsive risk management preparation. It remains to be seen as to whether JP Morgan Chase has in fact, followed through on their stated commitments to increased security practices.
References:
[1] www.bloomberg.com/news/2014-10-02/jpmorgan-says-data-breach-affected-76-million-households.html
[2] www.reuters.com/article/2013/09/13/us-usa-jpmorgan-risk-idUSBRE98C00720130913
