Insider Threat Management

FBI Exposes Employee’s Account Draining Scam at JP Morgan

Share with your network!

Stealing Sensitive Customer Data

A JP Morgan employee was arrested by the FBI on charges of stealing customer account information and trying to sell it to an undercover informant.

A FBI spokesperson said that Peter Persaud got access to customer accounts in order to sell data including birth dates, Social Security numbers, passwords, bank account balances, debit card number, and three–digit security code.

FBI Exposes Employee’s Account Draining Scam at JP Morgan

The informant wore a wire to record conversations and calls with Persaud. The undercover agent, who was posing as the person buying the data from the informant, didn’t withdraw any money from victims’ accounts while working with investigators.

According to court records Peter Persaud, who was an employee at JP Morgan's Brooklyn branch, reached out an undercover FBI informant, and offered to sell him the account information of a bank customer. Persaud offered the account number, and other customer's information so withdrawals could be made and was paid $2,500 per account. The two agreed to drain the accounts with a series of transfers.

For additional evidence, the informant recorded phone conversations discussing account details, PINs, and account balances. Shortly after, Persaud met the informant and a FBI agent posing as an underworld boss.

Persaud sold more account data over the next few months, but stopped after he was temporarily suspended from the bank for reasons unknown at this point. Once the suspension had ended, Persaud offered to sell four accounts, with total balances of near $150,000 in exchange for $17,000, and at this point the FBI revealed themselves and arrested Persaud.

16 Cloud Apps You Need to Know If Employees are UsingSANS-20

JP Morgan Responds to Data Breach

Michael Fusco, a spokesman for New York-based JPMorgan, said the bank was “sorry that this happened.”

“We provided free credit monitoring to the handful of impacted customers and they will not lose any funds related to this incident,” Fusco said. “We are continuing to work closely with authorities as part of this investigation and he’s no longer a Chase employee.”

JP Morgan’s senior leaders addressed the topic of data security in notices to shareholders, with Chief Executive Officer Jamie Dimon pledging to be “very aggressive” in preventing outsiders from misusing the bank’s customer information.

“We will not compromise on the control environment and, to that end, continue to tighten data controls for ourselves, as well as for our third parties,” stated Chief Operating Officer Matt Zames.

The Court Case

Persaud, who appeared Tuesday before U.S. Magistrate Judge Viktor Pohorelsky in Brooklyn, is charged with one count of scheming to defraud a financial institution. He is in U.S. custody. The case is U.S. v. Persaud, 15-mj-00358, U.S. District Court, Eastern District of New York (Brooklyn).

It appears from the court documents that Persaud wasn't hacking accounts, merely writing down the details of large customer’s accounts and selling them. The key takeaway from this case is that companies should watch their perimeter closely but their staff even closer.

User Activity Monitoring

Since Persaud did not hack any accounts and may not have made any changes, the IT security infrastructure that uses logs, common in larger organisations did not detect Persaud's illegal activities in their systems. A user activity monitoring solution would have been able to see what Persaud was viewing even if he didn’t make changes or access accounts.

Proofpoint is the only security software company that provides tailored analytics, alerting and visual forensics to identify when users are putting your business at risk. Over 1,200 companies like Cigna, Charles Schwab and Starbucks use Proofpoint for forensics, database security, data leakage protection/extrusion prevention, and risk management.

Proofpoint provides screen-recording technology to capture all user activity regardless of the environment and converts the screenshots into User Activity Logs which makes searching, analysing, auditing, and acting upon user activity simple and easy.