JPMorgan Chase is an American intercontinental financial holding company that provides investment banking and financial services, has its operational headquarters in New York City and was founded in 1968. It is one of the largest banks in the world with total assets of 2.534 trillion dollars, with 250,255 and 333,666,000,000 employees and valuations respectively. They also provide strategy and structure for corporate markets, prime brokerage and research, staff indirectly using ATMs, online and telephone banking. It provides services for many clients, including financial institutions and non-profit entities. Say no to plagiarism. Get a tailor-made essay on "Why Violent Video Games Shouldn't Be Banned"? Get Original Essay In September 2014, a cyber attack occurred against the bank using the loophole in their security system causing a data breach that affected 76 million households and approximately 7 million smaller businesses. The hackers gained access to customers' contact information such as names, addresses, cell phone numbers and email addresses, but fortunately their SSN, date of birth and account numbers are not accessible. The breach occurred because the Bank's security team employee neglected and later forgot to update his network server with the double password scheme known as two-factor authentication for the login information security page, this has opened the path to phishing and malware attacks. The weak link in the bank's security system is simple and basic as the bank did not enable two-factor authentication, it opened an easy avenue for attack and a huge data breach. After the bank noticed and learned about the attack and prevented access from spreading more widely by shutting down and blocking all access paths to all 90 servers after identifying the root cause and measures to stop the rapid growth of losses. The cybersecurity team subsequently began examining data on the server affected by the data breach which stopped and any further fraud activity was not reported. The data breach costs banks an average of $154 per account and multiplying that by 83 million accounts is a staggering amount of The reported loss amounts to $12.782 billion. But the study says that losses related to breaches tend to be even more than mentioned as it adds to the loss of potential customers who end up losing business. JP Morgan announced that it will spend $250 million per year on security improvements building a robust security system. Two-factor authentication is the most basic additional layer of security access otherwise it is to add additional security to a user's login along with the regular password via code generation on mobile or email. The banking security protection system without this extra layer feature left the banks open to attacks from the other side, things could have been stopped with their extra layer of protection. JPMorgan would have had to look at a top-down structure trying to remove security flaws in its system and could have escaped the breach and public embarrassment by purchasing an internal system overhaul. Department of Justice The Department of Justice is responsible for enforcing the laws of the United States to ensure the safety of the public against domestic and foreign threats. The DOJ attack in 2016 was a successful attack on the government resulting in the loss ofnearly 200 GB of sensitive data and identities of 30,000 FBI and DHS employees and cost the US economy between $57 billion and $109 billion in 2016. Attackers gained access via employer portal of the DOJ. by contacting the DOJ office and convincing them that he is the new employee and requested the code that allowed him to access the DOJ portal and hack the system. Employers must follow all regulations to not share authorization information via phone or email and must have a strong firewall and security applications that help prevent attacks that come through physical or cyber attacks. Implementing strong corporate governanceThe strategic framework for executing its security operations comes into play as a subset of the overall business strategy around which the organization can align its IT frameworks with business frameworks to ensure the organization continues to achieve your goals and objectives by implementing procedures to measure your network and IT security performance so you can prevent any hacks/attacks in the future. This is created taking into account all parties responsible for leadership, organizational and business processes regarding information technology. In accordance with these standards and ensure that all necessary hardening principles are taken into account in the network infrastructure, security infrastructure, systems, servers and also social engineering attacks should be avoided by providing workshops and training of high level to avoid phishing, email scams and viruses such as ransomware. In this article, we choose the DOJ to discuss its IT governance plan and the security breach that occurred at the DOJ that resulted in the leak of massive amounts of sensitive information due to a cyber attack. Looking at the digital transformation taking place around the world and the amount of transactions companies handle on a daily basis, it is crucial to protect infrastructure from external and malicious cyber attacks. The stakes are becoming increasingly greater considering the PII data collected, stored and transferred in these transactions. So, the question narrows down to who will ensure that strict security measures are implemented and followed throughout the organization? This is where the need for a good IT governance framework comes into play. This can be seen as a set of standards implemented to protect the organization's users, its customers and all relevant members to minimize the percentage of risk arising from the occurrence of possible data breaches and identity theft and to grow exponentially the business successfully. IT governance should have a clear vision of the objectives and governance frameworks that may be of interest: COBIT, ITIL, CMMI and ISO38500. Conclusion In summary, data breaches have been a common occurrence in different countries, across different industries. In the data breaches covered above, we are talking about data breaches for the Department of Justice, Yahoo, and JP Morgan Chase. These three names belong to different sectors. The sectors are government, technology and financial services. Different types of data and information were at risk. This data and information includes government data, sensitive emails, and financial information. The most common event in these three methods was hacking. Hacking refers to unauthorized access to another person's computer. In the cases of the Department of Justice, Yahoo and JP Morgan Chase, hackers managed to access the databases or services of these companies/government organizations without their authorization. Companies spend.