- Executive expressed interest in returning to Texas, memo says
- Bank reassigned chief information security officer in June
JPMorgan Chase & Co. reassigned an executive overseeing its global security, making him the second official in five months to take a new post after investigators linked stock fraudsters to a massive data breach last year.
Chief Security Officer Jim Cummings, who oversaw a team of more than 1,000 people, will move to Texas to work on military and veterans housing initiatives for the bank, according to a memo obtained Wednesday by Bloomberg. Cummings, a former head of the U.S. Air Force’s cyber-combat unit, asked to move back to the state to be with family and also will serve as corporate location leader in San Antonio, the memo said.
Cummings and former chief information security officer Greg Rattray had clashed with federal agents over who was behind the theft of data on 83 million customers and whether it should be treated as a matter of national security, Bloomberg Businessweek reported in February. Rattray, a cyber-expert at the National Security Council under President George W. Bush, was reassigned in June, becoming head of global cyber partnerships and government strategy.
Rattray and Cummings were representative of a movement among corporations to hire former government cyberwarriors deeply experienced in skirmishing with the hacking units of foreign nations. Earlier this year, people familiar with the situation said the military culture they brought made for a difficult fit at a big Wall Street bank such as JPMorgan. They said some staff members mocked Cummings’s exhortations to adhere to the Air Force’s “core values,” such as service to country, in a culture focused on serving clients.
Over the months-long hacking investigation, Cummings, a former commander of the 67th Network Warfare Group, a secretive Air Force digital warfare unit, tightly limited access to breached data in an effort to prevent leaks and control the investigation, according to people who described events before the personnel moves.
He and Rattray also argued the attack was probably the work of the Russian government, which could help secure a rare waiver from the Justice Department that would have allowed JPMorgan to delay notifying customers and regulators of the loss on national-security grounds. Within weeks of the breach’s discovery in August 2014, U.S. investigators began to suspect the attack was the work of cyber-criminals, not spies.
Cummings didn’t respond to phone and e-mail messages seeking comment. Earlier this year, Trish Wexler, a JPMorgan spokeswoman, said reports that bank staff clashed with FBI and Secret Service agents aren’t accurate.
Cummings, who previously supervised Ross Brown, head of military and veterans affairs, now will report to him, according to the memo. Steve Wisotzki and Tim McNulty were named co-heads of global security and investigations, reporting to Chief Administrative Officer Paul Compton, the memo said.
In July, authorities arrested four people in Israel and Florida, revealing a complex securities fraud scheme that people familiar with the probe said is tied to the JPMorgan hack. A fifth suspect remained a fugitive. The group, which hasn’t been charged with hacking-related crimes, includes two former Florida State University fraternity brothers.
Investigators believe some in the group partnered with Russian cybercriminals to penetrate the bank’s security and steal data, the people familiar with the investigation said. The people arrested were interviewed by agents in Israel and the U.S., and officials are assessing information garnered in those talks, one of the people familiar with the case said.
Kelly Langmesser, an FBI spokeswoman in New York, declined to comment on the status of the case.