Chase breach affects 76 million accounts, raises questions about detection failure

An initiative first conceived by JPMorgan Chase & Co. to use tools from data mining firm Palantir Technologies, the brainchild of Silicon Valley figure Peter Thiel, to identify insider threats quickly evolved into a surveillance scandal.

Run by Peter Cavicchia III, a former Secret Service agent, the Chase program collected data on employees, including browser histories, transcripts of phone calls, emails and GPS locations from company smartphones, according to a comprehensive report by Bloomberg.

The Palantir tools combed through the data, sorting and analyzing it to profile employee behavior and flag potential abuses, the report said. After bank executives discovered that Cavicchia had gone “rogue,” crossing privacy boundaries, and that his operation was spying on them, the program was yanked.

“The world changed when it became clear everyone could be targeted using Palantir,” Bloomberg quotes a former JPMorgan cyber pro who had worked with Cavicchia's team as saying. “Nefarious ideas became trivial to implement; everyone's a suspect, so we monitored everything. It was a pretty terrible feeling.”

Christy Wyatt, CEO of Dtex Systems, said that “in light of the data scandals going on, all organizations should certainly scrutinize their information strategies,” but warned that “we also shouldn't lose sight of the fact that not all data collection and monitoring practices are evil.”

Wyatt pointed to “numerous examples” where “a lack of monitoring and defense led to disaster,” including “the case with Edward Snowden and the Hillary Clinton campaign.” In the Snowden affair, she said, “a lack of oversight allowed him to commit treasonous acts. In the case of the Clinton campaign, nation-backed hackers took advantage of vulnerable humans who didn't have anyone watching out for them.”

Many ethical businesses “are transparent with their employees about their monitoring programs and which go to great lengths to safeguard the data they collect and analyze,” said Wyatt. “These organizations' data practices build trust, catch bad guys before it's too late, protect vulnerable employees against attackers, and prevent data breaches.”