Assessment of The Issue
As the world becomes more digital and technology advances at a fast pace, so does the number of computer security breaches. These velocity of occurrence of such breaches are increasing with each passing day. One such computer security breach took place in the year October 2015, when the global information services group Experian declared that one of its business units has been hacked. The breach occurred on the server which contained data on behalf of one its client named T-mobile. Experian stored personal data of about 15 million customers and applicants of USA, who must have applied for the service of T-mobile in the pas. It also hacked the data of new applicants as well whose credit check was pending for the services or device financing from 2013 to 2015. Records such as the name, address, contact number, date of birth and also certain encrypted fields as well such as Social Security number and ID number from the submitted ID proofs such as passport number or a driving license number were stolen.
On assessing the main issue it is understood that the hackers had mainly concentrated their actions only on one particular server of Experian which stored sensitive and highly confidential data of T-mobile customers and that server had stored data for conducting a credit verification for the period September 2013 to September 2015.
The said malafide action happened within a very a short span of time. The entire incident occurred in a closed manner wherein the hackers had concentrated their attention towards hacking only the server containing the details of T-mobile. It is understood from various sources that Experian’s Decision Analysis credit information support portal gave a free access to everybody for uploading random file attachments of any type without checking the creditability of the file (Brandom, 2015). Due to this ease in uploading, the attackers got an opportunity to install malevolent files into the main data server. The files injected, dragged T-mobile into the scandal of leakage of private information of its customers.
The same had occurred in seclusion and due to the fact that Experian had not installed the required passcode and accessibility restrictions of its databases the hack took place. Experian’s main job is to protect the data of its clients and for the same it should continuously upgrade its present hardware and software installed so that the breaches can be prevented from occurrence.
The CEO of T-mobile although was very upset with Experian and the kind of security it provides to the data o its clients, but he said his first focus would be directed towards assisting the affected customers. The said hack has had a very bad toll over the reputation of the two companies but T-mobile has taken all efforts to drop the blame on Experian on whom they had trusted and that T-mobile is very strict with its privacy data policies (Cheng, 2015). Apart from the same T-mobile should have also checked the past history of Experian before entrusting it the job of same and handing over to them data of such a huge number of customers.
Solutions To Prevent Such Hacks
The possible solutions that should be adhered to so as to prevent such kind of hacks in future is that the companies who store the data of others should ensure that their system is upgraded in a timely manner adequate firewalls should be installed at the right places so that any kind of theft can be caught during its occurrence itself and damage can be limited. Experian should inculcate certain important practices within its system such as a vigorous encryption of information, dual authentication while accessing any data base by the customer as well as the staff members, server virtualization should be encouraged and timely monitoring if the system so that such breaches can be prevented in future (Pagilery, 2015).
Experian has also made it clear that no banking information has been leaked to the hackers and that they are all secured. Further it is sending a letter to all those infected customers providing them free credit monitoring services for two years. But the issue is what after those two years? For the same, an Experian spokesperson has made it clear that the fraud resolution team will always be available in case of any threat caused to any customer even after two years (Larson, 2015). Warnings have also been given to the customers in case of any kind of fraudulent emails and such similar communications from unknown resources should be neglected.
Thus had Experian installed a well protected system which was capable of stalling any kind of malafide acts then such a theft of data would not have taken place. Unfortunately, the system installed has various loose ends along with absence of fire walls as well. Secondly, T-mobile should not have trusted Experian when its past record is not satisfactory i.e. the Company had been involved in the past as well for being negligent with regards security of customer data. They should also take an action against Experian so that the same does not occur with any other client.
Brandom,R. (2015). T-mobile customers exposed in major Experian data breach. Retrieved from https://www.theverge.com/2015/10/1/9436061/t-mobile-credit-check-data-breach-experian
Cheng,R. (2015). Data-breach hits roughly 15M T-Mobile customers, applicants. Retrieved from https://www.cnet.com/news/data-breach-snags-data-from-15m-t-mobile-customers/
Larson,R. (2015). T-mobile, Experian Sued Over Data Hack Affecting 15 Million. Retrieved from https://www.bloomberg.com/news/articles/2015-10-07/t-mobile-experian-sued-over-hack-on-15-million-customers
Pagilery,J. (2015). T-Mobile customers’ info breached after Experian hack. Retrieved from https://money.cnn.com/2015/10/01/technology/tmobile-experian-data-breach/
The year 2014 witnessed one of the biggest cyber attacks against the American Bank JP Morgan Chase. It is said to be one of the biggest information system hack in the history of America and the most serious till date. The hack was made public in September 2014 even though the same was caught in July since it took almost two months to stall the attack completely. The hackers are said to have intruded the account information of around 83 million accounts and the bank confirmed that the login details were safe and the hackers basically took charge of the account holders name, address, contact number and email ids thus making it clear that it was more of a phishing attack. The attack however did not only take place in JP Morgan Chase alone but nine other financial institutions as well which showed that attackers main goal was to attack the accounts of the banks and financial institutions.
Initially it was understood that the hack was done by hackers from Russia who had loose connections with the Russian Government. But the picture as of now says a different issue. As per the government of USA, the hack was planned by a group of individuals who were associated with a pump-and-dump stock manipulation scheme, credit card frauds and owning casinos which were illegitimate. The most obvious question that arises into minds of the readers are why a bank? However, the main reason was that hacking the database of banks would help to obtain data about certain specific accounts and a more sound insight into the market. Covering a four year period from 2012 to 2015, the hackers and there co-conspirators had maneuvered a huge lot of publicly traded shares and stocks and sent incorrect hints to the clients of these banks whose data they had stolen thus gained by trading accounts that were opened using fictitious identity. Along with the same, the other issue was involvement of the bank officials as well who very easily paved the way for these illegal transactions without questioning so as to obtain a kickback from them (Farell et,al, 2015).
The said cyber attack was done at ten financial institutions and banks, but JP Morgan was the main target of the hackers as is understood. The sufferers to the said crime was the banks and the financial institutions of the Wall Street and the customers. Not only JP Morgan Chase but all those other nine institutions were also the targets which clearly shows that Wall Street is very much defenseless to cyber attacks. Migration to technology is good but the same should always be safeguarded with any possible attacks which these institutions failed to. JP Morgan is said to be the biggest and the most responsible bank in terms of customers’ money and their personal information and thus it affected their reputational value as well. It failed to install a simple security fix in the server which was never bothered by the bank authorities. People have been talking about the fact that a bank which spends millions every year to guard against various cyber attacks which are rather complicated could not prevent occurrence of a simple hack. JP Morgan was termed as a negligent bank where its security team forgot to give a two factor authentication password to one of its network servers which led to this scandal.
With regards customers, the damage did not occur to the extent of the financial information but got restricted to their personal data only. But they are still exposed to the risk of emails that copies the official messages of banks and indicates the users to click onto websites which are malicious and demand for login details. Since the contact numbers also got leaked, they are always at a risk of receiving fake calls and finally the biggest impact that the said theft may have is if the hackers send mass mail stating that ‘we are offering a free identity protection click here’ which may basically take them to a site which is uncensored. Although both the bank and the customers were impacted, but the biggest loss is that of JP Morgan Chase’s reputation (Anand, 2014).
The attackers had conducted an entire survey of the information system installed at JP Morgan with regards the various applications and programs that run on the bank’s system. They would cross verify the existing applications with the already known common vulnerabilities so that they could find a way to enter the system. They had entered the vast server system of the bank nearing to 100 such servers and the most surprising fact is that they did not take any money but had some other motive in mind. They were mainly concerned to enter into the administrative set of servers of the bank’s system so as to gain details about the customers rather than extracting money out of their accounts.
Even though it is still unknown how at all the hackers entered into the system, but it is sure that the same is not a matter of a day. Another reason which the security team of JP Morgan highlight for such a breach is the intensive acquisition by banks which makes it necessary to integrate its main system with them, thus leading them to become more easily accessible to the attackers. Another very possible cause was the security lack that happened in one of the servers due to negligence of the team to set a two factor password (Pagliery, 2015). Thus although the exact manner in which the attack must have taken place is not clear yet, but the various reasons which led to happening of the attack was known.
The bank would have been able to prevent the attack had it installed a single security fix to a server which was neglected in its network. Had the two factor passcode not been neglected to be entered for that one unnoticed server, then the attack would not have taken place so easily. However, the negligence may have been due to involvement of the security team or any particular official of the security team also in the said attack. The bank should ensure to review its servers authenticity as well as the entire security system on a regular basis (Hamilton, 2014).
Therefore, JP Morgan Chase Hack 2015, one of the biggest in the history of frauds and hacks was basically a fault at the bank’s end. Carelessness led the reputation of the bank at stake and also the personal details about the customers in the hands of malafide individuals who may misuse it whenever they wish to. Even if it is the biggest bank, yet they should not be over confident with their existing system and ensure timely review of the same.
Anand,P. (2014). Were you affected by the Chase cyber breach? Good luck finding out. Retrieved from https://www.marketwatch.com/story/did-the-jp-morgan-chase-cyber-attack-affect-you-good-luck-finding-out-2014-10-07
Farell,G., & Hurtado,P. (2015). JP Morgans’ 2014 Hack Tied to Largest Cyber Breach Ever. Retrieved from https://www.bloomberg.com/news/articles/2015-11-10/hackers-accused-by-u-s-of-targeting-top-banks-mutual-funds
Hamilton,A. (2014). A simple fix could have prevented the JPMorgan mega-breach. Retrieved from https://betanews.com/2014/12/24/a-simple-fix-could-have-prevented-the-jpmorgan-mega-breach/
Pagliery,J. (2015). JPMorgan’s accused hackers had vast $100 million operation. Retrieved from https://money.cnn.com/2015/11/10/technology/jpmorgan-hack-charges/
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2022). Critical Assessment Of Experian Data Breach And JP Morgan Chase Hack: Essay On Solutions.. Retrieved from https://myassignmenthelp.com/free-samples/cab240-information-security/solutions-to-prevent-such-hacks-file-A8409F.html.
"Critical Assessment Of Experian Data Breach And JP Morgan Chase Hack: Essay On Solutions.." My Assignment Help, 2022, https://myassignmenthelp.com/free-samples/cab240-information-security/solutions-to-prevent-such-hacks-file-A8409F.html.
My Assignment Help (2022) Critical Assessment Of Experian Data Breach And JP Morgan Chase Hack: Essay On Solutions. [Online]. Available from: https://myassignmenthelp.com/free-samples/cab240-information-security/solutions-to-prevent-such-hacks-file-A8409F.html
[Accessed 21 February 2024].
My Assignment Help. 'Critical Assessment Of Experian Data Breach And JP Morgan Chase Hack: Essay On Solutions.' (My Assignment Help, 2022) <https://myassignmenthelp.com/free-samples/cab240-information-security/solutions-to-prevent-such-hacks-file-A8409F.html> accessed 21 February 2024.
My Assignment Help. Critical Assessment Of Experian Data Breach And JP Morgan Chase Hack: Essay On Solutions. [Internet]. My Assignment Help. 2022 [cited 21 February 2024]. Available from: https://myassignmenthelp.com/free-samples/cab240-information-security/solutions-to-prevent-such-hacks-file-A8409F.html.