Incident: Internal Technology Issue Causes Zero Balances at Chase Bank

Published Date: 2013-03-18

Postmortem Analysis
Timeline 1. The software failure incident at JP Morgan Chase happened on March 18, 2013 [Article 17664].
System 1. Chase banking customers' balance information system [17664]
Responsible Organization 1. The software failure incident at JP Morgan Chase was caused by an internal issue and not a security breach, as confirmed by a spokesperson for the bank [17664].
Impacted Organization 1. Chase banking customers [17664]
Software Causes 1. The software cause of the failure incident at JP Morgan Chase was related to an internal technology problem regarding customers' balance information, which the bank spokesperson confirmed was not a security breach but an internal issue [17664].
Non-software Causes 1. The failure incident at JP Morgan Chase was caused by an internal technology problem related to customers' balance information, as confirmed by a spokesperson for the bank [17664].
Impacts 1. Customers experienced sudden reductions in their checking account balances to zero, causing frustration and inconvenience [17664]. 2. Some customers were unable to access their bank account balances via the Internet or mobile devices [17664]. 3. The software failure incident led to suspicions among customers about a possible security breach, although the bank clarified that it was an internal issue and not a cyberthreat [17664]. 4. The incident occurred shortly after a massive distributed-denial-of-service (DDoS) attack on Chase's websites, adding to customer concerns [17664].
Preventions 1. Implementing robust cybersecurity measures to prevent external cyberattacks like distributed-denial-of-service attacks [17664]. 2. Conducting regular internal system checks and audits to identify and address potential technology problems before they impact customers [17664]. 3. Enhancing monitoring systems to detect anomalies in account balances promptly and prevent widespread customer impact [17664].
Fixes 1. Implementing a software update or patch to address the internal technology problem affecting customers' balance information [17664].
References 1. JP Morgan Chase spokesperson [17664]

Software Taxonomy of Faults

Category Option Rationale
Recurring multiple_organization (a) The software failure incident related to zero balances appearing in Chase banking customers' accounts was not due to a hack but was attributed to an internal technology problem [17664]. This incident was not specifically mentioned to have happened again at the same organization. (b) The article mentioned that hackers have been targeting financial institutions with distributed-denial-of-service (DDoS) attacks, affecting organizations like Wells Fargo, Bank of America, Chase, Citigroup, HSBC, and others [17664]. This indicates that similar incidents have occurred at multiple organizations within the financial sector.
Phase (Design/Operation) design (a) The software failure incident at JP Morgan Chase was related to an internal technology problem regarding customers' balance information, which the bank spokesperson mentioned they were working to resolve. The issue was clarified to be not a security breach but an internal issue caused by system development or updates, as stated by the spokesperson: "We have a technology problem regarding customers' balance information that we are working to resolve. It has nothing cyberthreats; it's an internal issue" [Article 17664]. (b) The software failure incident at JP Morgan Chase did not seem to be directly caused by the operation or misuse of the system. Instead, it was attributed to an internal technology problem related to customers' balance information, as clarified by the bank spokesperson: "We have a technology problem regarding customers' balance information that we are working to resolve" [Article 17664].
Boundary (Internal/External) within_system (a) within_system: The software failure incident at JP Morgan Chase, where many customers' checking account balances were suddenly reduced to zero, was attributed to an internal issue within the system. A spokesperson for the bank clarified that it was not a security breach but rather a technology problem regarding customers' balance information that they were working to resolve [Article 17664]. This indicates that the failure originated from within the system itself.
Nature (Human/Non-human) non-human_actions (a) The software failure incident at JP Morgan Chase was attributed to an internal issue and not a security breach, indicating a failure due to non-human actions. The bank's spokesperson clarified that the problem with customers' balance information was related to a technology problem and not cyber threats [17664]. (b) The incident was not caused by human actions such as a hack or cyberattack. The spokesperson explicitly stated that it was an internal issue and not a security breach [17664].
Dimension (Hardware/Software) software (a) The software failure incident reported in Article 17664 was not attributed to hardware issues but rather to an internal technology problem. The spokesperson for JP Morgan Chase clarified that the issue affecting customers' balance information was related to an internal problem and not a security breach [17664]. (b) The software failure incident was specifically mentioned to be related to an internal issue and not a security breach. The spokesperson emphasized that it was a technology problem regarding customers' balance information that the bank was working to resolve, indicating that the contributing factors originated in the software or internal systems rather than external hardware [17664].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident reported in Article 17664 was non-malicious. JP Morgan Chase denied that the incident was a hack or cyberthreat. A spokesperson for the bank mentioned that the problem was related to an internal issue and not a security breach. The representative clarified that it was a technology problem regarding customers' balance information that they were working to resolve, and it had nothing to do with cyberthreats. Additionally, the article highlighted that the zero balances appearing in customer accounts were a result of an internal issue, not a malicious attack by hackers [17664].
Intent (Poor/Accidental Decisions) unknown (a) The software failure incident at JP Morgan Chase was not due to poor decisions but rather an internal issue. The bank denied that it was a hack or cyberthreat, attributing the problem to a technology problem regarding customers' balance information that they were working to resolve [17664]. The incident was not caused by poor decisions but rather by an internal issue within the bank's systems.
Capability (Incompetence/Accidental) accidental (a) The software failure incident in the article was not attributed to development incompetence. Instead, it was clarified by a spokesperson for JP Morgan Chase that the issue with customers' balance information was related to an internal problem and not a security breach [17664]. (b) The software failure incident was categorized as accidental, as the spokesperson mentioned it was an internal issue and not a result of cyberthreats. The incident was described as a technology problem regarding customers' balance information that the bank was working to resolve [17664].
Duration temporary The software failure incident reported in Article 17664 was temporary. The incident was related to an internal technology problem at JP Morgan Chase that caused customers' balance information to be unavailable, resulting in zero balances displayed for some customers. The bank clarified that it was not a security breach but an internal issue they were working to resolve. This temporary failure was not a permanent issue caused by all circumstances but rather a specific internal problem affecting balance information access for customers [17664].
Behaviour other (a) crash: The incident reported in the article does not indicate a crash where the system loses state and does not perform any of its intended functions. (b) omission: The software failure incident described in the article does not involve the system omitting to perform its intended functions at an instance(s). (c) timing: The failure described in the article does not involve the system performing its intended functions correctly but too late or too early. (d) value: The software failure incident in the article does not involve the system performing its intended functions incorrectly. (e) byzantine: The incident does not describe the system behaving erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident in the article is related to an internal technology problem that affected customers' balance information, leading to zero balances displayed for some customers. The issue was not caused by a security breach but was an internal issue that the bank was working to resolve [17664].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property (d) property: People's material goods, money, or data was impacted due to the software failure The software failure incident at JP Morgan Chase resulted in many customers seeing their checking account balances reduced to zero, causing frustration and inconvenience [17664]. Customers reported the issue via the Internet or mobile devices, with some even sharing screen shots of their zero balances on Twitter. Additionally, messages indicating that bank account balances were unavailable were displayed to users. The bank clarified that the problem was related to an internal issue and not a security breach, affecting customers' balance information [17664].
Domain finance (a) The failed system was related to the finance industry as it affected Chase banking customers' checking account balances [17664]. The incident involved an internal technology problem that caused customers' balance information to be unavailable, leading to zero balances displayed for many customers [17664]. (h) The software failure incident was specifically related to the finance industry, affecting Chase banking customers' accounts and causing frustration among customers who found their checking account balances reduced to zero [17664]. The issue was clarified by a spokesperson for the bank as being an internal problem and not a security breach [17664]. (m) The software failure incident was not related to an industry outside of the options provided.

Sources

Back to List