Maybe this is more a piece on communication (or lack thereof) in response to (or in the middle of) a crisis. But it involves who owns “your” information, and what they do when “your” information gets hacked. And also what happens when the controls established to prevent a hazard fail, and what information the responsible party provides, and doesn’t.
“State Officials Eye Bank Hack,” Wall Street Journal, October 4-5, 2014 B2. J.P. Morgan Chase announced in August that a bunch of “its” consumer data had been hacked, such as customer names, phone numbers, and email addresses. The FBI got involved. Allegedly, no super-sensitive information (e.g., Social Security numbers) was taken, but who knows? Two state attorneys general have contacted the bank, perhaps to verify that the bank is taking all the necessary steps to notify affected customers under the patchwork of applicable breach notification laws. 76 million customers, some of them registered voters. One assumes the lawsuits alleging negligence in failing to prevent the hack to begin with will be coming soon, including actions from people who fear their information has been disclosed, as with the fear of cancer cases.
How has the bank responded? Notification to customers in August, September, and October. Little in the way of detail as to how this happened, what was disclosed, and who’s affected. Hopefully the bank protects your money better than it protects your information. Are they any worse at handling customer concerns following a breach than Target, Neiman Marcus, PF Chang’s, Supervalu, or Home Depot, to name a few? Do more details help assure the customers that you know what you’re doing? Does a bank have a higher obligation than a commercial merchant?