Breaches Can Be More Than Just Account Data

While account information is obviously important and needs to be protected, it’s not the only information that needs to be safeguarded. A recent breach at JPMorgan Chase brings attention to the importance of protecting all of your customers’ personal information. As part of the recent attack, hackers accessed personally identifiable information stored by Chase about some 76 million households and 8 million businesses. That means those hackers have all the information they need to wage sophisticated spear phishing campaigns that appear to be from the bank.


It’s well past time for everyone involved in risk management to recognize that the templates they’ve used to prioritize what data they protect need to acknowledge that all personal information requires protection, not just account information. The breach at Chase is a prime example of exactly that.


Although your bank may be much smaller than Chase, the risks to your clients and the cost of responding to phishing attacks can become a burden. Prioritization is necessary, and PCI-DSS information and customer account data absolutely need to be protected, but that doesn’t mean that a customer’s communication and billing information don’t need to be protected as well. Many banks are layering up security for data they deem “sensitive,” but it seems they’re not making as great an effort to protect PII.


A list of valid bank customers’ e-mails, phone numbers and addresses is significant. Everyone needs to recognize that even a large breach of what is deemed ‘less valuable’ information is often more valuable than thought, and the cost of a breach of this ‘less valuable’ information is not always less. To prove this, just ask the CFO at Chase as he adds up the cost of reputation and privacy impacts. It’s time for everyone to re-stack the risk management template used to prioritize what data we protect and how.


It’s high time banks, and all organizations for that matter, encrypt PII, just as they would card data and other sensitive information.


