Why Did We Give JPMorgan Months To Reveal They Were Hacked?
Did you know that banks are not required to report data breaches unless it results in a financial loss to customers?
The intrusion also highlights a possible gap in United States regulations. Banks are not required to report data breaches and online intrusions unless the incident is deemed to have resulted in a financial loss to customers. Breach notification laws differ by state, but most laws require only that companies disclose a breach if customer names were stolen in conjunction with other information like a credit card, Social Security number or driver’s license number.
In some states, companies can wait up to a month to inform customers of a breach. Other state laws are more vague.
Lots of people have read that the JPMorgan Chase data intrusion started in June and went until mid-August. Maybe you read some of the technical publications that covered it like ARSTechnica, The long game: How hackers spent months pulling bank data from JPMorgan or maybe some business press back then JPMorgan Hackers Came In the Front Door — in June. Two Months of Mayhem (warning video autostart)
Now does it bother anyone else that maybe some of the 83 million customers might have wanted to have known sooner than October 3? Do you want to bet that a lot of really big customers did find out in advance? Anyone bother to ask them? Did they stay or quietly move their accounts? Or were they informed that nine other financial institution were hacked and that the public doesn’t know because the Treasury is afraid of a financial meltdown?
As the favorite, too big to fail bank, the US Government was there to help JPMorgan Chase as much as possible. I guess they felt guilty, what with forcing them to pay that big fine for their earlier massive fraud and asking them help with US imposed sanction on Russia.
What is interesting to me is that I’ve read about 30 stories now about the data breach and most are still treating JPMorgan Chase with kid gloves. Or downplaying the seriousness of this when asking questions. One story asked people on the street, and determined it’s a boring story and nobody cares.
Maybe all my questions have been asked and answered and I’m just slow. These questions might seem dumb or “out of the loop” by the savvy business press, but I’m just your average consumer Vulcan so I wrote the Consumer Financial Protection Bureau and asked a few questions: