Now that JPMorgan Chase has revealed that a cyberattack it sustained impacts the accounts of 76 million households and seven million businesses, a New York bank regulator has taken action to make sure the heads of financial institutions are aware of their responsibility in thwarting future attacks within the sector.
On Monday, Benjamin Lawsky, superintendent of New York's Department of Financial Services (NYDFS), told the Financial Times he planned to meet with the chief executives of regulated firms.
“The cyber threat has become urgent, one of the most important issues facing financial sector chief executives,” Lawksy told the Financial Times. “It's got to be at the chief executive level. It is not an IT problem. It is a bank problem,” he said.
In an SEC filing last Thursday, JPMorgan divulged that the previously reported breach exposed customer contact information, such as names, addresses, phone numbers and email addresses, linked to 76 million households and seven million small businesses. While initial reports said that at least four other financial firms had been targeted by the perpetrators, believed to be Russian state-sponsored attackers, The New York Times said Friday that the number of infiltrated institutions actually entailed nine other firms, citing sources close to the matter.
NYDFS head Lawsky reportedly said that the meeting with bank execs would not focus on just the JPMorgan hack, as the incident is just “one of many.”
“This is a chance to re-emphasize and remind everyone that this isn't just an issue that should be on a list of problems and things to worry about and work on,” Lawsky told FT, later explaining that the department was briefed on the JPMorgan breach last week.
In a Monday interview with SCMagazine.com, Richard Martinez, a partner at law firm Robins, Kaplan, Miller & Ciresi, who chairs the firm's cyber security and data privacy practice, spoke on the growing incidence of massive breaches and how it heightens expectations around enterprise security.
JPMorgan reassured customers last week that there was no evidence that customer account information was compromised in the breach – meaning data like account numbers, passwords and Social Security numbers did not appear to be accessed. The company also said that it had not seen “any unusual customer fraud related to this incident.”