How a bank knows it has been hacked

David Gura Oct 3, 2014

Hackers got into JPMorgan Chase’s network over the summer, and according to the bank, that breach compromised 76 million households and 7 million small businesses. The bank says there is no evidence hackers got a hold of account information, just names and addresses, e-mails and phone numbers, but those data are valuable. 

Companies often learn their systems have been breached from third parties. According to Anton Chuvakin, a vice president in Gartner’s security and risk management group, law enforcement will call if they spot stolen data on underground forums.

“Oh, by the way, we are seeing your data here,” might be the message from law enforcement, he says. “What’s up with that?”

These days, big banks spend big on their own security. JPMorgan has allocated $250 million.

When a bank discovers a breach, “you’re going to have a big senior management powwow,” says Julie Conroy, research director for the Aite Group’s retail banking practice, who covers data security. Management will put into place a “security incident response plan,” “and the forensic analysis is very much like what you see at a crime scene,” she says.

It’s methodical, and according to Martin Lindner, a cybersecurity specialist at Carnegie Mellon University’s Software Engineering Institute, banks keep logs of everything that happens on their servers. “So, in theory, they can go back to all those logs, replay them, and see what happened that was the thing that appears to be nefarious,” he explains. That is a lot of information, and going through that is time-consuming.

Forensics is just one part of a “security incident response plan.” There is also remediation and communication. With this breach, tens of millions of people are at risk. Lawrence Baxter, the William B. McGuire Professor of the Practice of Law at Duke University, says hackers could use what they have gathered to phish for more information using, say, an official-looking e-mail message.

“You may only get a half of one percent of the customer base fooled by it, but that’s enough,” he says, to cause more damage to customers’ bank accounts, and also to the bank’s reputation.
