When you think about who is behind a data breach, your mind probably swings towards the stock photo of a person wearing a black hoodie menacingly hovering over a laptop in a black room, waiting to steal your money and valuable sensitive data.

In reality, however, most data breaches are not malicious in nature at all. According to Verizon’s 17th annual Data Breach Investigation Report, the majority of incidents happen by mistake.

Verizon found 68% of data breaches around the world involved “non-malicious human action.” This means a person perhaps made an error storing data, or fell victim to a social engineering attack.

Regardless, whether the breach was intentional or not, it’s important to treat any incident as though your information is in the hands of bad actors. Taking the proper steps before, and in the aftermath of a breach is important to minimize your risk radius. Even if a breach occurs entirely by accident, the harm faced when your data is exposed can be very real. 

In this installment of the BlackCloak Thursday Threat Update, we’ll cover a pair of data breaches, including one involving J.P. Morgan Chase and another involving a collection agency.

J.P. Morgan Chase breach affects 451K retirement accounts

What we know: J.P. Morgan Chase disclosed that the retirement accounts belonging to more than 451,000 individuals were accidentally exposed. The bank said a software issue allowed users to access retirement plans they shouldn’t have been able to see from Aug. 25, 2021 through Feb. 23, 2024. Among the exposed data points include customers’ names, Social Security numbers, mailing addresses and bank routing and account numbers for users’ who set up direct deposit payments.

Recommendations: While J.P. Morgan Chase has said they do not believe any data has been misused, J.P. Morgan Chase account holders should monitor all of their accounts for any signs of fraudulent activity, even if they are not among the 451,000 affected. The bank is offering two years of identity theft protection services through Experian, and anyone who has concerns about their accounts should strongly consider placing a credit freeze and a fraud alert as an extra layer of protection.

FBCS informs nearly 2M individuals about breach

What we know: The Financial Business and Consumer Solutions agency is notifying nearly two million people about a data breach it experienced in February. An unauthorized individual was able to access the agency’s systems and was able to access several sensitive data points, including individuals’ names, Social Security numbers, dates of birth, account information and driver’s licenses numbers.

Recommendations: Similar to those impacted by the J.P. Morgan breach, anyone affected by this incident should monitor their account for fraudulent activity and consider placing a credit freeze and fraud alert on their accounts. FBCS is offering breach victims a year of credit monitoring services through Cyex.

Be ready when a breach heads your way

As much as we’d all like for them to go away, data breaches are an unfortunate part of the digital ecosystem. Everyone should have a plan for when a data breach occurs rather than treating it as an event to ignore. 

In all likelihood, everyone will be a data breach victim at some point, which is why it’s important to be ready when the time comes. By having a plan in place, you can ensure you can minimize any potential harm you may face when the breach notification letter arrives in your inbox.


Read about the best way to respond to a data breach, and when you should deploy a credit freeze and fraud alert on your accounts.


Get a demo