Categories: JobsManagement

JP Morgan Security Exec Reassigned After Breach

The security boss at JP Morgan has been reassigned, almost a year after the American bank suffered a highly damaging data breach.

The reassignment highlights the increasingly vital position of the security executive amid a dangerous cyber landscape.

Devastating Hack

It was in late August 2014 when the FBI and Secret Service confirmed that they were investigating “co-ordinated” cyber attacks on a number of US banks.

JPMorgan was one of the American banks targeted, and it subsequently emerged that it had suffered one of the world’s largest ever data breaches. The bank admitted at the time that the hackers had exposed the names, addresses, phone numbers and email addresses of 83 million households and small business accounts.

But now it seems that the man in charge of security at that time has been reassigned.

Bloomberg saw an internal memo that shows that Greg Rattray no longer works as JPMorgan’s chief information security officer.

Rattray is a former US Air Force commander for information warfare and was a cyber-expert at the National Security Council under President George W. Bush. He has now been reassigned as head of global cyber partnerships and government strategy.

Rattray will now only oversee a few staff members instead of the hundreds he managed in JPMorgan’s cyber-security unit, Bloomberg quoted a person familiar with the change as saying.

Rohan Amin, a former cyber-security executive at Lockheed Martin Corp, who joined JPMorgan last August, has apparently replaced Rattray.

Aftermath Controversy

It was Rattray’s handling of the aftermath of the security breach that proved to be controversial, as it almost fractured the relationship between the large US bank and US federal agencies.

Rattray and his boss, Jim Cummings, apparently tightly limited access to the compromised data in an effort to prevent leaks and control the investigation. This tactic frustrated the federal agencies investigating the matter.

Indeed, the Secret Service reportedly grew so frustrated that it threatened to seize the evidence, and Joseph Demarest, then assistant director of the FBI’s cyber division, called Chief Operating Officer Matthew Zames to discuss the delays. The situation was resolved with a formal agreement to share information.

Rattray and Cummings also apparently blamed the breach on the Russian government, as they sought a rare waiver from the Justice Department that would have allowed JPMorgan to delay notifying customers and regulators of the loss on national-security grounds.

However US federal investigators quickly concluded that the attack was the work of cyber-criminals, not spies.

Rattray is not the only security executive to suffer the consequences of a cyber breach. US retailer Target admitted in December 2013 that about 40 million payment card accounts had been hacked, but this later rose to 70 million compromised customers.

A few months after that attack, Target’s CIO resigned.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago