>JP Morgan accidentally deletes evidence
Whatever happens, definitely absolutely do not delete that evidence.
wink wink nudge nudge, just blame it on that "the project experienced 'glitches,'"
Call me cynical.
JP Morgan has been fined $4 million by America's securities watchdog, the SEC, for deleting millions of email records dating from 2018 relating to its Chase Bank subsidiary. The financial services giant apparently deleted somewhere in the region of 47 million electronic communications records from about 8,700 electronic …
Yes, I smell a rat too. Surely you start deleting activities only after you've tested the process and have made a backup anyway??
And surely you verify that the data you are legally required to retain is still there? This 'oops' feels a tad too much like a happy coincidence IMHO.
The only thing that suggests (to me) that this is Murphy at work rather than calculated is the process obeyed the "legal hold" protection tag, which is of course the data that they would be most terribly sad to see deleted!
Also, if it were deliberate, being as how banks are such beloved institutions, I would wonder where are the loyal staff eager to protect their wonderful employer but who feel compelled to rat them out?
The files that were on legal hold were put there because the court system, civil or criminal, already had them on their radar. The stuff that was supposed to be retained contained stuff that they were required to produce in pending suits, but no-one had flagged up in discovery yet.
If they delete files on legal hold, they will come back and ask you where the files they told you to hold are. Their only play is that the penalties of destroying evidence and (probably willful) destruction of evidence are less severe than whatever legal doom cloud is hanging over their heads.
If they delete files that the other side hasn't seen yet, the plaintiff or prosecutor has to then try to find copies of the missing documents somewhere else. If they can't, then the bad-actor may actually get away with a slap on the wrist. (And let's be clear, 4mill from JP Morgan-Chase isn't even a slap, it's about the sum of the rounding errors in the residential banking sector. That's what this incident is about, an insufficient but well deserved notice that the government saw what they were doing and at least wanted to squawk about it.)
Err, dude, you appear to have failed to detect any element of sarcasm!
As a matter of fact, you're quite possibly wrong: files on legal hold are likely to be in that state because the bank's own lawyers (i.e. the legal department) said put them in that state, which may or may not have anything to do with a court system (yet), or indeed an action that the bank might be defending (which is to say that some files get placed in that sort of state because the bank has flagged them as potentially of interest to law enforcement).
But have a nice day!
If only there was some way in which to capture an information store, just store it back up in an attic or something.
But, they apparently can't back up, they only back down to the bit bucket, as part of their disaster preparedness efforts.
So, all backups, both on site and off site, grandfathered or incremental, all also got weeded?
Yeah and the Crown Jewels just fell into the boot of my vehicle.
"Yeah, it was all their fault!"
Hint: you can outsource the work, but not the responsibility.
It will be interesting to see whether or not JP Morgan turns around and sues the contracting company for damages. If they don't, that may be an indicator that those were "accidental" deletions wink, wink; nudge, nudge.
It'll depend on the contract, of course. I suspect someone at the contracting company may have said "are you sure about this? Like, really really sure? Like, sign this paper indemnifying me personally and the company I work for from any legal action arising from me pressing this button you're telling me to press". If they had any sense, that is.
Nah. The article says the contractors assured both JP Morgan and the SEC that their processes were compliant. I don't really see how any contractual indemnity could get them out of that mess. So, assuming JP Morgan are telling the truth, the whole truth and nothing but the truth, they should of course, as you said, be starting the process of suing the contractor for the full amount of the fine and all associated costs resulting from the investigation and legal process.
JP Morgan insists that they said that. I for one won't take their word alone for that, as companies always lay blame on the vendor when they footgun themselves. It appears based on the details in the article that the platform they used provided the functionality required to implement a compliant policy. JP Morgan gave its users the ability to override the retention settings, and relied on them to set the settings correctly for new silos of information like the acquired Chase assets. It gave them the rights to mass delete records without training them on how the system actually works. AWS buckets used to be a pain to lock down from the defaults; that doesn't mean that a company isn't to blame when they leave one wide open.
There is also likely an auditing trail that pointed out exactly who changed what and when, which probably helped the FTC make its case. JP Morgan is just trying to re-frame this and deflect now that it is hitting the newswires.
Would be interesting to know approx. what fines and other costs* they would have incurred IF they were at fault in those investigations where data was missing, and how that compares to 4M.
If fines etc. were likely to be > 4M then surely 4M fine should have been increased, as if we assume data loss was accidental it has still prevented those investigations, and although no guilt can be assumed, fine ought to reflect worst case of those investigations resulting in fines; otherwise we have a case of this accident potentially saving a lot of money.
* e.g. intangible costs such as loss of future business, reputational damage (though whether a company known as the vampire squid can have its reputation reduced further is arguable)
Sorry? Loss of future business?
Let's see, they have 'accidentally' deleted records which we'll never know, but could possibly have implicated themselves or (gasp) their clients in being naughty, and have suffered a mere $4 million fine. Sounds like some pretty good advertising to me. But then what do I know?*
(Troll icon, coz this is deliberately provocative.)
* I did do some consultancy for a well known commercial financial institution. The 'Money Men' (and yes they are still almost all men, despite all the advances of 'equal rights for women' etc.) were interested solely in money. So they might just consider this to be a benefit. Had Bernie Madoff or the Enron chaps had this sort of 'luck' maybe they'd not have had such long sentences.
"hmm let's look at the maths"
Always, *always* follow the money!
$4M is pocket lint amount for JP Morgan and that saved them from most probable conviction in 12 separate court cases.
This is literally a case where a 3M insurance paper rubs to a 30k house, causing a fire: You can call it an accident but no-one will believe you. But, in this case JP Morgan paid a 50k fine and got to keep the 3M insurance money: That does not happen to ordinary people.
Dear JP Morgan CEO and Board,
This is squarely on YOUR shoulders. You hired the vendor, you failed in supervising them and verifying their deletion procedures. Did you even bother testing them on a replication system BEFORE going live? Probably not.
If I was a stock holder, I'd call for your ouster and file a suit for failure of fiduciary duties.
Anybody care to speculate about the exact location of the company hired to do the archiving? Perhaps one located in a country famed for bait-and-switch staffing, exaggeration of capabilities and certifications etc.? Oh the physical archives may have stayed in the USA, but it's rupees to bhajis that the staff were located elsewhere.
"Accidentally deleted????" Sounds like JP Morgan must have used the same IT support as Hillary Clinton. Did JP Morgan also "accidentally" destroy the hard drives with a hammer like Hillary did? LOL. $4M fine seems like peanuts for something like this. Any wonder most Americans find it difficult to trust the government to hold the elites accountable?
The oddity of the Clinton emails is that destroying the hard drives with hammers (which I don't think actually happened; the indication is that the files were purged with a thing called BleachBit) is precisely the correct action to take if they did indeed contain sensitive information!
However, the comparison with the Clinton server is apt: IF the deleted records were somehow incriminating, THEN this was a problem. But if they were personal emails (as Clinton alleged) or routine emails that would have been purged by 2021 anyway (the Chase emails), THEN there was no problem, except that it's hard to prove the absence of problem because the data was gone.
In the words of the SEC, "Because the deleted records are unrecoverable, it is unknown – and unknowable – how the lost records may have affected the regulatory investigations."!
[ The boring small print in the SEC statement reveals the rather dull scope of the issue: in June 2019 records created between January 2018 and April of that year were deleted; the law requires that they be kept until January - April 2021, so they were deleted after 14 - 17 months instead of after 36. Clearly this is wrong, but it explains why the penalty is also quite low. ]
And laughably, for being so destroyed, the FBI has drive images of Hillary's mail server. The FBI released a report on the contents.
It all ceased to exist in only one excuse for a mind.
The majority of classified documents on that mail server were only Confidential and were mismarked, making it easy to not realize that and leave them on the server (there's a procedure for data spills like that, handled quite a few over the decades).
Well, a quick Google shows:
IRS: Link
3 years (individual returns except as noted below)
4 years (employment tax records after tax due/paid date)
6 years (not reporting income you should have reported)
7 years (file a claim for a loss from worthless securities or bad debt reduction)
Other notes: MeyersBrothersKalicka CPA link
10 years (some legal documents; e.g. cancelled leases, notes receivable, etc.)
Permanent (some legal documents; e.g. bills of sale, permits, contracts, etc.)
Deleting the past options trading records of a broker by rebuilding an old server that had been taken out of service after migration to a new server. Historical data was held on storage in the original server, and needed to be transferred to the new server, but to get the new server up in time for market operation and to avoid delays in the system, the transfer was delayed, and then forgotten :(
Mind you this happened back around the turn of the century before virtualisation became as widespread as it is now.
Unfortunately at the time we were embroiled in a court case about one of our securities traders doing unauthorised options trading on their client's accounts (called discretionary trading and very much frowned on by ASIC, Australian Securities and Investment Commission).
So my boss had to write a stat dec that the data had been irretrievably destroyed, and that the backups only backed up the live data, not the historical records. This was based on information from the trading system suppliers who looked at the backups as a way of getting the system back up and running for trading and not as a way of restoring historical information.
So the takeaway for me was, always back up and test said backup before destroying a server.