The data breaches at major companies prove that the most sensitive personal
information is in danger
JPMorgan, the largest bank in the USA, holds financial information
in its computer systems that goes beyond customers' credit card details, and
its databases potentially include more sensitive data. Since JPMorgan
has migrated much of its sensitive customer data to computer networks to
gain speed and efficiency, it is now vulnerable to security breaches and
related side effects.
By the time the bank's security team
discovered the breach in late July, hackers had already obtained the highest
level of administrative privilege to dozens of the bank's computer servers.
Poor data security practices
The details of the JPMorgan data breach are disclosed at a time when consumer
confidence in the digital operations of the corporate world is already
disturbed. The recent major IT breaches at Target (40 million cardholders
and 70 million others) and Home Depot (56 million cards) were alarming,
and the worst is yet to come: until just a few weeks ago, executives
at JPMorgan said they believed that only one million accounts were affected,
while the actual figures are 76 million households and seven million small
businesses.
In many of the cases, the breaches are due to poor data security practices
or simple errors, such as St. Vincent Breast Center in Indianapolis sending
63,000 letters containing information on upcoming appointments to the
wrong people, or Stanford Federal Credit Union accidentally attaching
a file with information on 18,000 customers to an email, or the thousands
of paper medical records dumped at a public incineration site in York,
Pennsylvania.
Forensics investigations on overtime
The cause of the data breach seems to lie with hackers who had gained
access to some of the bank's computer servers. In some cases, laptops
or thumb drives containing information were stolen, in some cases with
apparently nothing more than the login password to protect the data.
As the severity of the breach became clearer in recent days, bank executives
scrambled for the second time in three months to contain the fallout and
to reassure nervous customers that no money had been taken and that their
financial information remained secure.
The hackers appeared to have obtained a list of the applications and programs
that run on JPMorgan's computers - a road map of sorts - which they could
crosscheck with known vulnerabilities in each program and web application,
in search of an entry point back into the bank's systems. They succeeded!
The apparent breadth and depth of the JPMorgan attack shows how vulnerable
the corporate world is to cybercrime. The bank's forensics investigations
are now working overtime, round the clock.