Greg Rattray, the JPMorgan Chase & Co. executive who had been overseeing the company’s computer network security, has been reassigned away from that role, Bloomberg reported Wednesday (July 1).
Rattray had been serving as the bank’s chief information security officer, but, Bloomberg said, after a year in that role marked by controversy in the wake of a data breach, alongside the fact that several key security workers left JPMorgan, the executive is now head of global cyber partnerships and government strategy.
Citing an internal memo from early last month, Bloomberg said that Rattray now reports to Paul Compton, JPMorgan’s chief administrative officer. And in Rattray’s stead, Rohan Amin, who joined the company last year after having served as a cybersecurity executive at Lockheed Martin, is now the JPMorgan chief security officer.
Bloomberg reported that Rattray, in his new role, has responsibility for “a few employees” rather than the hundreds he oversaw during his tenure at the cybersecurity operation. Citing unnamed sources, the newswire also stated that Rattray will be responsible for fostering relationships between JPMorgan and various law enforcement and government agencies. That revised role, noted Bloomberg, “surprised some bank insiders” as it comes on the heels of a data breach last August and a series of JPMorgan responses that made for rough sledding between the bank and various federal agencies.
As had been widely reported, last August the banking giant discovered a massive breach in which hackers made off with data from 85 million accounts, including names, addresses and email data. Rattray had offered authorities only limited access to the breached data, and eventually the Secret Service threatened to seize that evidence, which in turn led to a formal agreement by JPMorgan to share the information. Rattray and peers had argued that the attack was the work of the Russian government and sought to delay informing customers about the breach, claiming national security concerns. The government countered by stating that the hack came not from Russian spies but cybercriminals. Bloomberg reported that some inside the bank believed the focus on the Russian government amounted to an “excuse for shortcomings in the bank’s security.” The hack came through a server lacking strong security protocols.