JP Morgan Chase reported last week that 76 million households and seven million businesses had their private information compromised, including customer names, addresses and telephone numbers but excluding financial information.
Follow-up reports have since claimed that the investment bank may have been compromised by a state-sponsored actor which exploited an employee password to break into a company server (via the Bloomberg newswire).
More positively, however, the hack has sparked a deeper discussion about protecting financial institutions from cyber-attack, and most notably amongst politicians, financiers and insurers in the UK.
The House of Commons Treasury Select Committee has reportedly held several ‘high-level meetings' with regulators and other experts in cyber-crime in recent months, and is said to have stepped up its plans since the attack.
“The Treasury Committee has been looking at this issue for many years,” Andrew Tyrie, chairman of the cross-party Treasury Committee, told The Telegraph. “The JP Morgan case illustrates the scale of the risks and the importance of ensuring that firms, regulators and, where appropriate, the intelligence agencies are taking all reasonable steps to prevent cybercrime.”
The committee is also believed to have been discussing cyber security with policymakers at the Bank of England.
Elsewhere, Legal and General – one of the biggest fund managers in London – has used news of the cyber-attack to urge the biggest companies on the UK stock exchange to focus on cyber security, meanwhile the former US home secretary chief Tom Ridge has announced the foundation of a company that will sell cyber-attack insurance.
Legal and General warned FTSE350 companies how they should use this incident to improve their cyber security practises, after expressing concern that only half of chairmen in the FTSE350 thought their board understood how data loss impacted their business.
“Cyber security is a tier one threat to the UK's national interest, alongside acts of terrorism and natural hazards,” said corporate governance director Sacha Sadan in the firm's annual corporate governance report.
“Boards need to be aware of these threats when making strategic decisions or building processes to support the business,” he said.
Meanwhile, the US' first-ever homeland security chief, Tom Ridge, has announced that he is working with Lloyd's of London to launch an insurance company (Ridge Insurance Solutions ) that will specialise in corporate cyber security policies. The company will be based in Washington DC.