Go to:

May 2018
< Apr Jun >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Rep. Cummings Requests Bipartisan Hearing on JPMorgan Breach
Friday, October 10, 2014 6:35 AM

In response to the data breach at JPMorgan Chase, which affected as many as 76 million households and seven million small businesses—one of the most serious computer intrusions into an American corporation— Rep. Elijah Cummings (D-MD) has requested a bipartisan hearing to examine the breach.

Cummings, the ranking member of the House Committee on Oversight and Government Reform, requested the committee convene such a hearing in a letter sent Tuesday to Rep. Darrell Issa (R-CA), chair of the committee.

"According to filings with the Securities and Exchange Commission, JPMorgan Chase reported that this data security breach compromised account holder names, addresses and phone numbers but not necessarily passwords," Cummings wrote, adding that The New York Times reported approximately nine other financial institutions were affected.

The New York Times report cites sources that say the hackers are thought to be operating from Russia and "appear to have at least loose connection with officials of the Russian government."

Cummings said in his letter that the JPMorgan breach comes in the wake of similar breaches at Home Depot, Target and others.

"I believe that conducting an investigation of the data security breach at JPMorgan Chase and the other entities I have highlighted previously will help the committee learn from these corporations about security vulnerabilities they have experienced, in order to better protect our federal information technology assets," he wrote.

"These attacks," he continued, "which come on the heels of breaches involving tens of millions of consumers at Home Depot, Target, and others, have occurred at a time when consumer confidence in the digital operations of corporate America has already been shaken."

The New York Times also said the breadth of the attacks—and the lack of clarity about whether it was an effort to steal from accounts or to demonstrate that the hackers could penetrate even the best-protected American financial institutions—has left Washington intelligence officials and policy makers far more concerned than they have let on publicly. Some American officials speculate that the breach was intended to send a message to Wall Street and the United States about the vulnerability of the digital network of one of the world’s most important banking institutions.

This summer, Treasury Secretary Jacob J. Lew called on Congress to pass legislation that he said would bolster the information sharing process. "As it stands, our laws do not do enough to foster information sharing and defend the public from digital threats," Lew said.

That the hackers were apparently able to move around JPMorgan’s computer system undetected for several weeks is perhaps the most troubling aspect of the recent breach, officials at other large banks say.

The hackers were able to attain high administrative privileges within JPMorgan’s network, rooting more than 90 servers and rummaging through customer databases with detailed information for 76 million households and seven million small-business online accounts.

Again, The New York Times reports, weeks into the attack, in mid-July, unusual behavior on the bank’s network was spotted, and the attackers were stopped before they had a chance to pull any customer data back to their servers abroad.

But they did make off with one file which has unnerved executives. That file contained a list of every application and program deployed on standard JPMorgan computers that hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry.