Recent data breaches raise more questions about data security, national security
In the wake of JPMorgan’s 76 million record data breach, questions are being raised about our nation’s security and how corporations respond to such breaches. This type of questioning is fairly common after a breach of this magnitude. But when you factor in unrest in the Middle East and in Ukraine, along with the large gap between JPMorgan’s originally reported number and the actual number of records affected, things are different this time around.
The biggest question asked in relation to the most recent attacks was “what is the motive of the attack?” This was asked by many people, the most important one being the President. The only problem with this question is that there is no answer. We don’t know if this was an attack by the Islamic State, retaliation by Putin, or just a case of cyber theft. None of this is clear at the moment.
While the source of the attack remains unknown, the FBI has what they believe are the IP addresses from which the attack originated. These IP addresses were provided to other financial institutions to see how many other attempts were made at accessing private information. Through communications back to the FBI and among the banks themselves, it was determined the hackers had attempted to steal data from at least 12 other financial institutions.
Much like the Target, Neiman Marcus, TJ Maxx, and Michael’s breaches did late last year, this most recent data breach is causing a lot of lawmakers to readdress how and when companies disclose information to their clients. JPMorgan is currently under investigation to see if they acted quickly enough in contacting their customers. However, under state and federal law, JPMorgan technically did not have to contact customers regarding the breach because only contact data was breached, not account information. The flip side to this is, does JPMorgan actually know for a fact no account information was compromised? Their initial estimate of records stolen was 75 million off of the actual amount, so how do we know they are sure no account information was taken? Why isn’t all data treated equally when it comes to being stolen?
In JPMorgan’s defense, they did take the necessary steps and go through the proper channels to make sure they covered all aspects of the breach. This was the cause for the delay in getting accurate numbers, and allowed them to confidently say no account information was breached. Also, since the Target attack, prosecutors from Illinois and Connecticut (the two states involved in the Target breach) have been meeting monthly with a larger group as part of a privacy task force. They are continually discussing matters such as response times and the actions that companies must take after a breach has been detected.