An important lesson to learn from the massive JPMorgan Chase breach is that banks can't just focus on protecting card data and online banking accounts; they also must protect their customers' personally identifiable information.
The hackers who breached JPMorgan Chase also infiltrated about nine other financial institutions, and may be operating from Russia, according to one news report. But security experts caution against jumping to conclusions over attackers' identities or motives.
If JPMorgan Chase, which was considered one of the most secure organizations in the world, can be breached, then virtually all other banks likely are at risk, too. Experts explain why early detection and information sharing are key to mitigating threats.
The development of authentication technologies that could replace the password is "nearing a tipping point," but there's still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.
The inquiries focus on U.S. Investigation Services, a contractor that conducted security-clearance background checks, and whose computers were breached in August, exposing data on 25,000 federal employees.
Leading this week's industry news roundup, KPMG acquires assets of Qubera Solutions, which provides identity and access management services, while Palo Alto Networks launches an endpoint protection solution.
JPMorgan Chase has confirmed that 76 million households and 7 million small businesses were impacted by a breach that reportedly began in June and was not detected until late July. One fraud expert calls the breach "a national crisis."
As researchers scramble to learn more about Shellshock and the risks it poses to operating systems, servers and devices, Michael Smith of Akamai explains why not all patches are actually fixing the problem.