Following the recent JPMorgan security breach in which 76 million households were compromised, two state attorneys general are investigating the institution. Connecticut Attorney General George Jepson and Illinois Attorney General Lisa Madigan are questioning whether JPMorgan alerted customers to the situation in a timely manner in following with Connecticut and Illinois consumer protection laws.

The FBI is also looking into the issue, and a number of other states could get involved as well. Most states have laws in place that require companies to notify customers in the case of a security breach. However, the time periods listed by law are often vaguely defined and companies are not legally obligated to alert the public unless highly sensitive information like Social Security, credit card or account numbers are stolen.

In the case of JPMorgan, only client names, email addresses and phone numbers were compromised. Although the institution doesn't appear to have violated any laws, political figures are unsatisfied with the way the bank has dealt with the breach.

Rep. Maxine Waters (D., Calif.), a member of the House Committee on Financial Services, recently commented that Congress needs to "bolster data security requirements and strengthen consumer protections that ensure victims are notified in a timely manner when their financial and personal information is stolen."

JPMorgan spokespeople have said that the company alerted the public as soon as adequate and accurate information was gathered about the incident, but that individuals with accounts affected by the breach will not be directly notified by the bank.

Emails and phone numbers can be used to hack into accounts with phishing techniques. For instance, a hacker could send a client an email pretending to be JPMorgan offering free fraud protection. If the individual then enters account information into the fraudulent website, their funds are made vulnerable.

Make sure your company is employing only the most trustworthy payment processing software so you avoid incidents like this one.