A group of state attorneys general who are investigating a computer systems breach last summer at JPMorgan Chase, which potentially exposed some information for 83 million consumers and small businesses, wants the bank to explain how it can be certain no sensitive information was compromised, the New York Times DealBook blog reported yesterday. The group, which includes more than 15 attorneys general and is led by those from Illinois and Connecticut, sent a letter last Thursday to JPMorgan and its outside lawyers seeking more details about the nature of the breach and what measures the bank was taking to prevent a similar incident. JPMorgan has said that the breach, which went undetected for several months, only allowed the hackers to gain access to customer phone numbers, addresses and email addresses. More sensitive information — like financial data, Social Security numbers, email passwords and user identification combinations — remained safe, the bank said. But the group said much about the breach remained a mystery. “Critical facts about the intrusion remain unclear, including details concerning the cause of the breach and the nature of any procedures adopted or contemplated to prevent future breaches,” said the letter.
http://dealbook.nytimes.com/2015/01/14/state-attorneys-general-press-jp…
In related news, New York Attorney General Eric T. Schneiderman today intends to propose a bill that would expand his state’s definition of what constitutes the type of private information whose breach would mandate a disclosure to include email addresses and passwords, the New York Times reported today. Companies would be required to keep this data secure and notify consumers and employees in the event of a cyberattack or other data breach involving that information. The proposal would be a significant change to the state’s current definition, which mainly covers the unintended disclosure of a person’s Social Security number, driver’s license or credit card number. The proposal would update a consumer protection measure that Schneiderman sees as “outdated and toothless,” given a growing number of hackings at big companies.
http://dealbook.nytimes.com//2015/01/14/new-york-attorney-general-seeks…