More Major US Firms Hit By Hackers
Cyber attacks are nothing new, but the last few months have seen some major U.S companies hit hard by hackers, which only serves to highlight the monumental task faced by both corporations and security providers in curbing these damaging actions. JP Morgan Chase and Kmart were both hit hard, with Kmart discovering the breach earlier this month. Kmart cash registers were targeted, leading to the compromise of debit and credit card details. JP Morgan Chase didn’t far much better, with personal data for over 70 million households around the US falling into the cyber thieves hands.
Kmart discovered that cash registers at over 1000 of their stores had been hacked on the 9th October, leading to an ongoing investigation in partnership with the company’s IT security firm. So far, the investigators believe that the cash registers were infected by malware some time in September, leading to the aforementioned compromise of credit and debit card details. While this is a serious breach, and of major concern to Kmart, the company was quick to point out that no personal or sensitive data, such as PIN numbers or social security details, were affected. The malware has now removed, and Kmart have offered free credit protection monitoring for the affected customers. While this is certainly a fundamental step in placating no doubt angry customers, maintaining good relations with consumers after these kinds of incidents can be much more difficult – another reason why Kmart are keen to be seen as acting quickly to minimise the damage.
JP Morgan Chase
In a sense, Kmart’s quick reaction to the cyber attack is likely to be, in part at least, influenced by how JP Morgan Chase handled the theft of 76 million customer details recently. The bank has been accused of failing to notify customers quickly enough about the loss of their data, and as a result the State’s Attorney’s office has become involved. In fact, the case has highlighted not only the importance (and challenge) of keeping so much data secure, but also the fact that currently, companies are under no time pressure to divulge data breaches to customers when they are affected. As a result, JP Morgan Chase could take as long as they felt necessary before informing affected customers. That said, in this case no sensitive information was stolen – at least the kind that requires the company to notify those affected by law. While email addresses and phone numbers were stolen, particularly sensitive information such as account numbers, PIN codes, and passwords remained secure.