Why Did We Give JPMorgan Chase Months To Prepare for the Breach Announcement? by @spockosbrain

Why Did We Give JPMorgan Chase Months To Prepare for the Breach Announcement? by Spocko

Did you know that banks are not required to report data breaches unless it results in a financial loss to customers?
The intrusion also highlights a possible gap in United States regulations. Banks are not required to report data breaches and online intrusions unless the incident is deemed to have resulted in a financial loss to customers. Breach notification laws differ by state, but most laws require only that companies disclose a breach if customer names were stolen in conjunction with other information like a credit card, Social Security number or driver’s license number. 
In some states, companies can wait up to a month to inform customers of a breach. Other state laws are more vague.
New York Times Dealbook By Matthew Goldstein, Nicole Perlroth and David E. Sanger

Joint Operations train against cyber war

Lots of people have read that the JPMorgan Chase data intrusion started in June and went until mid-August. Maybe you read some of the technical publications that covered it like ARSTechnica, The long game: How hackers spent months pulling bank data from JPMorgan or maybe some business press back then JPMorgan Hackers Came In the Front Door -- in June. Two Months of Mayhem (warning video autostart)

As one of the 83 million Chase customers whose data was exposed, I wanted to have known sooner than October 3.  Do you want to bet that a lot of really big customers did find out in advance? Anyone bother to ask them when? Did they stay or quietly move their accounts? Or were they informed that nine other financial institution were hacked and that the public doesn't know because the Treasury is afraid of a financial panic/meltdown?

As the favorite, too big to fail bank, the US Government was there to help JPMorgan Chase as much as possible. I guess they felt guilty, what with forcing them to pay that big fine for their earlier massive fraud and asking them help with US imposed sanctions on Russia.

What is interesting to me is that I've read about 30 stories now about the data breach and most are still treating JPMorgan Chase with kid gloves. Some are downplaying the seriousness of this when asking questions. One story asked people on the street, and determined it's a boring story and nobody cares.

Maybe all my questions have been asked and answered and I'm just slow. These questions might seem dumb or "out of the loop" by the savvy business press, but I'm just your average consumer Vulcan so I wrote the Consumer Financial Protection Bureau and asked a few questions:
The burden of follow up and spot fraud was placed on the consumer following Chase's failure to keep its network secure. 

The media is still absorbing this story. Fox is running, "What can you do to protect yourself?" stories. Maybe we will start seeing a deeper analysis of this soon, but only in the approved channels of inquiry. If it goes too far I'm guessing the "National Security" reasons will be invoked.

During the upcoming media and PR blitz I expect this attack on JPMorgan Chase will morph into "It's your patriotic duty to stick with this bank or the terrorists Russians win." Fox News loves wars, I'm guessing that the "We are at Cyberwar with Russia!" story to start soon. I hear they will have some nice theme music.

Dimon's political clout will protect him. Too bad the CEO of Target didn't have that he was forced to resign with the hack happened on his watch. Dimon will probably get a raise, and a Presidential Medal of Freedom. Like this guy.
.
Joint Operations train against cyber war photo by.Georgia National Guard Creative Commons License