Saturday, August 8, 2009

Chase'ing My SSN Away

When comparing Citi and JPMorganChase (Chase bank), it's not hard to see how Chase is doing better. Citi's in the hole for $45 billion of taxpayer money and Chase returned the TARP funds it never wanted in the first place. Citi's got a revolving management team and board while Jamie Dimon has led Chase for five years. Their stock tells the story as Chase (JPM) is up 17% over roughly five years since Dimon joined and Citi is down 91%. Click here for an interactive chart.



Unfortunately, my belief in Chase's attention to detail and looking out for its customers was smacked by this letter I received yesterday. In short, Chase backs up its customer information on a tape and uses a vendor to store that tape. Chase's vendor can't find the tape that includes my name, address and social security number (SSN).



Click on pages to view the letter.

While Chase might be correct that the tape can "be read only with special equipment and software", let's not kid ourselves that this is rocket science. The larger question is why Chase's data wasn't encrypted so that even if it was able to be read (which it can be) that the data would be useless without the key to un-encrypt the data.

It's not even six weeks since I was Schwab'd by Chuck who's team also lost my SSN and personal information. Like Schwab, Chase is offering to monitor my identity with an Experian product. That's standard. Their offering to monitor it with their own branded product (Chase Identity Protection) that they hope I will like and will pay for in the future. That's Priceless. Leave it to Chase to turn an internal control and process f-up into a marketing and revenue opportunity.

Chase's letter is signed by Patricia O. Baker. That's 'O' as in O' My God, I just lost customer Social Security Numbers.

Perhaps now's the time to short Chase's stock as they've once again made the Companies Acting Badly list, this time by losing my Social Security Number and ID information. Or perhaps it's time for Chase to get a new CIO who can enforce protocols with a data storage vendor. Or perhaps it's time for Chase to get a new data storage vendor. Who's in charge of this at Chase?

JPMorganChase joins Charles Schwab, IBM, Intuit and BNY Mellon as Companies Acting Badly for managing to lose my social security number and other personal information.
Posted by at
Labels: , ,

6 comments:

Anonymous said...

I contacted Chase customer service at the number on the back of my credit card and they were unable to confirm that this letter is legitimate. It is virtually identical to a letter issued by Chase in 2008 but with a different contact number. Security did not show any indication that my account had any concerns. Is this real? Be careful.

August 18, 2009 at 3:09 PM
Impacted Customer said...

Thanks for the heads up...

August 18, 2009 at 8:11 PM
Anonymous said...

In addition to the 2008 letter cited by another poster, this looks like a repeat of an April 2007 letter (http://datalossdb.org/primary_sources/0000/0837/NY_jp_morgan_chase.pdf). Either this is a scam or security is very poor within this operation.

August 21, 2009 at 10:49 AM
Another Victim said...

In response to Anonymous, the letter is very real. I received an identical letter. When I called the 888 number included ("If you have any questions concerning this matter, please call us at 1-888-821-4277...") and asked simple questions like "What steps are being taken to prevent this from occurring again" and "What action, if any, is being taken against the vendor" I was told "We are not releasing that information." WTH?! You jeopardize the privacy and security of my information but won't tell me what preventative steps you're taking?! I'll be emailing and/or calling their CEO James Dimon (jamie.dimon@jpmchase.com 212-270-1111). And if I can locate contact info for SVP Patricia Baker, I'll be in touch with her too.

August 21, 2009 at 7:39 PM
Anonymous said...

My chase credit card number was used 3 times the day of this breach. The card has now been canceled and I was issued a new one. Chase is not telling the truth about what data was stolen.

April 4, 2011 at 10:49 PM
J Adams said...

I received a letter of apology from the above mentioned Patricia O. Baker regarding a "system error". Upon calling the executive offices I was curtly told that she would never speak to a customer. I replied that I shall no longer be a customer so now may I speak with her?

December 13, 2011 at 1:39 PM

Post a Comment

Subscribe to: Post Comments (Atom)