It seems that we are seeing more data hacks every week. ebay and Target have both been hacked so far this year, with the loss of millions of customer records, and in the case of Target, even their financial information.
With this kind of leak and the huge negative press around it, many would have thought that other companies should have been wary of hackers who have become more advanced. The fact that these companies hold millions of records of their customers, many of whom would have been effected by the hacks should have been warning to others in this area. If you hold significant amounts of data, you are at risk.
From this backdrop of warnings I looked at my phone this morning, to see that JP Morgan Chase are the latest corporation to be hacked.
JP Morgan are not a small company who would have thought that nobody would bother attacking them. They are in fact one of the largest banks in one of the richest countries in the world. They are prime targets, probably one of the most targeted organisations in the world for hackers.
With this in mind, a single breach could be acceptable, it is unrealistic to think that they could withstand increasingly complex hacking attempts on their servers without one being able to get through at all. The aspect of this story that I find worrying is that it took a month to discover the hack, which allowed over 76 million households to be affected.
With the Target and ebay hacks, data and in some cases cards could have been effected. In the JP Morgan Chase hacking, the entire livelihoods of people rests within the servers of the banks. Mortgages, credit ratings, savings, practically every single financial transaction made in any store or on any site is held on each of their customers. It is not just a hack where they find their email addresses or a soon-to-be-cancelled debit card. If the hackers had fully infiltrated the JP Morgan Chase system, they could have very easily ruined people’s lives.
JP Morgan’s CEO, Jamie Dimon, said earlier this year that they would be spending $250m and employing a team of a 1000 people to oversee it’s system to minimise security risks. This was clearly a failure and should be looked upon as much.
With this much money being used to protect the system and the number of employees who had been tasked with keeping it safe, the fact that this hack remained undetected for a month is shocking. Once through the walls, if the hackers had a bit more urgency, they could have had access to even more information.
We now live in an age where threats of data breaches are a daily occurrence, a threat that we need to be vigilant about. Dimon does recognise this, he wrote in his annual letter to shareholders ‘It is going to be a continual and likely never-ending battle to stay ahead of it - and, unfortunately, not every battle will be won’. This is a case where the battle hasn’t been won. The question is; why did it take them so long to see they had lost?