JPMorgan Chase has attempted to explain the delay in notification to Connecticut, but at least one Connecticut official is not satisfied. Ed Jacovino reports:
JPMorgan Chase & Co. says it waited to determine what information could have been involved in an online security breach before telling officials this week that people with state-issued debit cards could have had their personal information stolen.
“When we detected the issue, our first priority was to protect our systems and the cardholders’ data and accounts,” JPMorgan Chase spokesman Mike Fusco said Friday.
Then the company assessed what information could have been hacked. “When we reviewed those results, we quickly took steps to communicate with everyone impacted,” Fusco said.
That review took at least two months.
[…]
The contracts between the state and JPMorgan Chase require much quicker notification of any data breaches.
The contract with the state Department of Revenue Services, for example, says the bank must “immediately notify” the state and people affected if information is compromised. It also allows the state to cancel the contract if information is leaked, and requires JPMorgan to follow certain security standards and share some of its security policies with the state.
Read more on Journal Inquirer.