When he first got to the firm in 2012, Chase’s CEO, Lloyd Blankfein, said that the wallet was supposed to be a tool for the CEO to carry his wallet with him when he left the office, but he was wrong.
Instead, the wallet got hacked.
“It was like a zombie,” Blankfei told the Financial Times in 2015.
“We didn’t even think that we’d be in that position in the first place.”
Blankfeintin said that he had to put aside $400 in cash, because the wallet he used to keep track of his personal finances, a $20 bill, was stolen.
“There was a lot of stuff in there that I thought was safe, but the hackers were able to steal it,” Blankstein said at the time.
“They made off with a lot.”
At least 20,000 customers had lost money after the breach was discovered.
And it wasn’t just a security hole.
One of the hackers who broke into the wallet used a software tool to steal the CEO’s email address and the CEO himself.
“The hacker didn’t have access to any of the internal data,” Blankfelt said at that time.
Blankfeins team started to investigate the matter.
They had a few tips, he said.
They noticed that some of the CEO-related passwords and email addresses were in the wrong place, like the company’s website, so they searched for them in Google and found some.
The hackers also found a few other stolen passwords, including some used by Chase employees.
The company’s security team then asked Blankfeine to share the stolen passwords with his team.
He said that when he shared the data, he asked for the hacker to get a hold of the security team so they could figure out how to secure the company.
He also said that they shared the password with the security chief.
The security chief, who asked not to be named, said he was shocked to see the data in his team’s data center, and said that, “We all were really shocked.”
The CEO was able to secure Chase’s data, but not its data in the bank’s vault.
The bank’s chief security officer, Steve Miller, told Recode that he did not know whether the data stored in Chase’s vault was actually safe.
“As I understand it, it’s not like there’s a data breach where a bank would get a database somewhere and have to put it all back on the server.
I’m not aware of any such scenario,” Miller said.
In an email to Recode, Chase spokeswoman Stephanie Wilson said that “it is unfortunate that someone has made off a portion of the company data with a malicious hack.”
The bank has now patched the breach, she said.
And, she added, the bank is continuing to make “a robust effort” to fix the breach.
“Currency security has always been our highest priority,” Wilson said.
“Our team has done a comprehensive review of the data and is currently working to determine what happened, and will work with law enforcement to provide additional guidance to help prevent this from happening again.”