Data Breaches

Submitted By dBax617
Daniel Baxter
Nico Ferragamo
Han Vo
Romilla Syed
IT 110
8 December 2015
Data Breaches
The Case
In July of 2014, JPMorgan Chase, a multinational banking and financial services holding company, was hacked. JPMorgan Chase is the largest bank in the United States, the sixth largest bank in the world, and the world’s third largest public company. Initial reports from JPMorgan Chase stated that the attack had only breached about one million accounts. Further details revealed that the hack breached the accounts of seventy-six million households (roughly two-thirds of the total number of households in the United States) and about seven million small businesses. While the hack began in July, it was not fully stopped until the middle of August, and it was not disclosed to the public until September. The hack is considered to be one of the most serious attacks on an American corporation’s information systems and is one of the largest data breaches in history. JPMorgan Chase claims that the login information associated with the accounts (such as social security numbers and passwords) was not compromised and that the information that was stolen had not been involved in any fraudulent activities; however, the names, email addresses, physical addresses, and phone numbers on the accounts were taken by the hackers. The hack was believed to have been committed by a group of Russian hackers. It’s also believed to have been part of a large ring of attempted attacks on as many as nine banks and financial corporations. These include, but are not limited to, Citigroup, HSBC Holdings, E*Trade, Regions Financial Corporation, and payroll-service firm Automatic Data Processing (ADP). The only other institution believed to have had data stolen was Fidelity Investments. Dan Kaminsky, a researcher and chief scientist at the White Ops Security Company, eloquently summarized the effect that the digital age is having on the economy: “We’ve migrated so much of our economy to computer networks because they are faster and more efficient, but there are side effects” (New York Times Web).
The Implications
The timing of this data breach was especially inopportune, as it occurred when consumer confidence in American corporations’ security had already been compromised. When the extent of the attack became more apparent, JPMorgan Chase’s executives had to scramble in an attempt to contain the fallout, as well as convince their customers that no money had been taken from their accounts and that their financial information was still secure. Jessica Silver-Greenberg, Matthew Goldstein, and Nicole Perlroth of the New York Times discussed the effect this breach had on the American public’s view of banks:
Still, until the JPMorgan breach surfaced in July, banks were viewed as relatively safe from online assaults because of their investment in defenses and trained security staff. Most previous breaches at banks have involved stealing personal identification numbers for A.T.M. accounts, not burrowing deep into the internal workings of a bank’s computer systems. (New York Times Web)
Although no financial information was breached, the seriousness of the breach demonstrated how vulnerable financial institutions are to cyber-attacks. In past cyber-attacks on financial institutions, such as the 2011 hack of the NASDAQ stock market, the hackers were unable to breach the part of the system that handles the actual information (in this case, the stock trades). The implications of the breach are not only that the customers’ confidence in their bank was shaken, or even that millions of customers’ data could now be used in phishing scams, but also that this breach set a new precedent for what could happen if a corporation’s security is less than stellar.
The Measures
Big companies spend incredible amounts of money, a quarter of a billion dollars in this case, on their security systems, which in theory should make attacks such as the one on JPMorgan Chase a thing of the past. The problem is that while these sophisticated and expensive systems are all but foolproof, they are not idiot-proof. You see, the bank instituted two-factor authentication on their servers prior to the attack. This meant that any hackers would need access to a customer’s email address or phone in order to gain access to their account. This specific security measure could have prevented the hack altogether. The only problem was an oversight. There was a much smaller hack, in the spring of 2014, in which some employee data was exposed when hackers gained access to the bank through a rather outdated server that had not been updated to support two-factor authentication. The hacks could have been stopped there when the server was discovered, but instead it was ignored until the customers’ data was breached. This issue seems simple enough to fix, but it is oddly complex. In this specific case, the vulnerability was brought to the bank’s attention during the earlier and smaller data breach, which in my opinion means that it should’ve been fixed immediately with a simple server update or server shutdown. But what if there was no earlier breach? If there was no early breach, then the outdated server would never have been brought to the bank’s attention, and it would’ve been much harder to fix. The bank’s electronic presence is so vast that a small oversight like that could be the easiest thing in the world to fix, but it could still be the hardest thing in the world to find. The best way to combat oversights like this would be to have scheduled server maintenance as often as possible without interfering with business.
The problem with that is that, because of the sheer size of many companies, including JPMorgan Chase, any time a server is down for maintenance or testing, it indubitably will interfere with business. This causes corporations to overlook regular server maintenance and just hope for the best, leaving them wide open to attacks. To make breaches like this a thing of the past, corporations will have to start putting security ahead of profits. The three main implications of this are as follows: the customers’ confidence in their bank was shaken, the customers’ data was perfect for use in phishing scams, and many people, including people who aren’t customers of the bank, had their confidence shaken in all corporate security. In order to work against their customers’ confidence being shaken, the bank needs to make a commitment to make security of their customers’ data a higher priority. They should perform regular server maintenance and testing at least once a month, in order to prevent any similar oversights that may occur, and they should also make sure all customer data is encrypted so that even in the case of a breach the information is safe. Encrypting the information is also an excellent way to protect against phishing scams. To ensure their customers don’t fall for the emails that have already gone out, though, they could and should send out emails to everyone whose data was breached, warning them against phishing scams and telling them the rules for identifying phishing emails. It’s going to be much harder to combat everyone’s faith in corporate security being shaken, but the best way to fight this is to go the route of Mega, the file hosting site. What Mega does with their files is unique in that it doesn’t even give the company access to the encryption key.
This formula would have to be adjusted for different kinds of corporations, like banks, where the company needs the information sometimes, but they could make it so the customer would just share the encryption key if and when the bank needed to access the info, and then the key would be changed. This could prove to be a bit of a hassle for the customer, but it could be an opt-in program for customers and businesses who need the extra security.
The Conclusion
In 2014, America’s largest bank was breached, and two-thirds of the population of the United States as well as seven million small businesses had their data stolen due to an outdated, and overlooked, server. This caused the customers’ confidence in their bank to be shaken, and meant that millions of customers’ data could now be used in phishing scams. It also meant that this breach set a new precedent for what can happen if a corporation’s security is subpar. The best way to make sure this doesn’t happen again is to implement regular server maintenance, as well as to encrypt customer data. It would be a decent idea to give the customers sole possession of the encryption key so it can’t be found on the bank’s servers.

Works Cited
"JPMorgan Chase Hacking Affects 76 Million Households." DealBook. N.p., 02 Oct. 2014. Web. 08 Dec. 2015. <http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_r=0>.
"Neglected Server Provided Entry for JPMorgan Hackers." DealBook. N.p., 22 Dec. 2014. Web. 08 Dec. 2015. <http://dealbook.nytimes.com/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/>.
Wikipedia. Wikimedia Foundation, n.d. Web. 08 Dec. 2015. <http://en.wikipedia.org/wiki/2014_JPMorgan_Chase_data_breach>.
Wikipedia. Wikimedia Foundation, n.d. Web. 08 Dec. 2015. <http://en.wikipedia.org/wiki/JPMorgan_Chase>.
