Data breaches at JPMorgan Chase and T-Mobile
A couple of big name breaches have made the news recently, from both JPMorgan Chase and T-Mobile.
In the former, the bank warned that a number of customers had their personal information accessible to others via the mobile app or website. Among the information were potentially account numbers, balances and transactions. As of yet, no misuse of the compromised data has been reported, but JPMorgan is still offering affected customers a free year of credit monitoring through Experian. It’s fortunate for all involved that the scope of this breach doesn’t appear to have been larger. After all, it was just last year that Capital One was fined $80 million for its role in a breach of over 106 million accounts, which also led to new proposed federal requirements on breach notifications for banks.
More expansive is the current T-Mobile breach, at least the company’s fourth since 2015. This time, more than 50 million current and former customers have been affected, and the provider is now facing a class-action suit. Fortunately, the hackers apparently did not access drivers’ licenses and Social Security numbers, although T-Mobile had initially reported that his data was also compromised. According to Vice, the stolen data has been sighted for sale on the dark web for the Bitcoin equivalent of $277,000. The Federal Communications Commission (FCC) has opened an investigation into the incident, while the mobile carrier has stated it took immediate steps and cut off access to the vulnerable data.
What both these instances show is the perpetual effort it takes for businesses to keep up their defenses, and the distance we still have to go. For the JPMorgan case, we can also see yet another example of the data security risks to the financial sector. In the first five months of 2020 alone, cyberattacks against this industry increased by 238%, says Tom Kellermann, head of cybersecurity strategy at VMware. This also includes attacks against banks like First Horizon, Morgan Stanley, and challenger bank Dave, from whom customers are expecting quicker notification.
With people demanding better security and faster results from those who handle their sensitive data, firms need to take the issue seriously before they can take the proper steps to protect their networks and avoid landing in hot water.