Sunday, October 05, 2014

Biggest bank in the US admits 83 million breach

The news that JPMorgan Chase & Co, which is the largest of the US banks with a reach that extends to half of all American households, has been breached will surprise nobody. At least not in the sense that this is old news, with a disclosure of the event happening in August. The actual breach was discovered by the bank back in July, and is thought to have been active for at least a month prior to that. What is surprising, however, is that a financial organisation of such a size and reputation should fall victim to such a breach in the first place. One highly placed individual in the IT security business told me over a pint that "if it can happen to JP Morgan then, frankly, it can happen to anyone" and that wasn't just the drink talking. Also surprising was the claim that a million accounts had been compromised during the breach, a claim made during the initial disclosure. Just before the weekend the surprise level went off the scale as the New York-based bank revealed, via a regulatory filing, that the actual numbers were a little higher. How much higher? How does 76 million households and 7 million small businesses higher strike you? Of course, this can be played down by comparing it to other mega-breach statistics: the Target attack last year hit 110 million accounts, and the more recent eBay hack 145 million. That doesn't make the JP Morgan numbers any the less striking though, this is a bank we are talking about after all and bloody great big one at that. Let's not forget that JP Morgan is that largest bank in the USA by measure of assets. It insists that no financial information has been compromised, and further that there has been no breach of login data. Email addresses, names, addresses, phone numbers have all been accessed though. To be honest, this is a case where it is less worrying what information has been breached than the fact that the breach happened in the first place.