Newsletter | Volume 1


Data breaches at major companies prove that the most sensitive personal information is in danger

JPMorgan, the largest bank in the USA, holds financial information in its computer systems that goes beyond customers' credit card details, and its databases potentially include more sensitive data. Because JPMorgan has migrated much of its sensitive customer data to computer networks to gain speed and efficiency, that data is now vulnerable to security breaches and their side effects.

By the time the bank's security team discovered the breach in late July, hackers had already obtained the highest level of administrative privilege to dozens of the bank's computer servers.

Poor data security practices
The details of the JPMorgan data breach are being disclosed at a time when consumer confidence in the digital operations of the corporate world is already shaken. The recent major IT breaches at Target (40 million cardholders and 70 million others) and Home Depot (56 million cards) were alarming, and the worst is yet to come: until just a few weeks ago, executives at JPMorgan said they believed that only one million accounts were affected, while the actual figures are 76 million households and seven million small businesses.

In many cases, breaches are due to poor data security practices or simple errors: St. Vincent Breast Center in Indianapolis sending 63,000 letters containing information on upcoming appointments to the wrong people, Stanford Federal Credit Union accidentally attaching a file with information on 18,000 customers to an email, or the thousands of paper medical records dumped at a public incineration site in York, Pennsylvania.

Forensics investigations on overtime
The data breach appears to have been caused by hackers who had gained access to some of the bank's computer servers. In some cases, laptops or thumb drives containing information were stolen, at times with apparently nothing more than the login password to protect the data.

As the severity of the breach became clearer in recent days, bank executives scrambled for the second time in three months to contain the fallout and to reassure nervous customers that no money had been taken and that their financial information remained secure.

The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan's computers, a road map of sorts, which they could cross-check against known vulnerabilities in each program and web application in search of an entry point back into the bank's systems. They succeeded!

The apparent breadth and depth of the JPMorgan attack shows how vulnerable the corporate world is to cybercrime. The bank's forensics investigations are now running overtime, around the clock.

Click here for the presentation on cybercrime from the 8th annual European GRC summit and send us an email to receive a free Copenhagen Compliance® Cybercrime Framework and Roadmap.