ERCOT Says Certain Counter-Party Financial Data Disclosed By One Of ERCOT's Financial Institutions
April 21,2020
ERCOT said in a market notice that, "On April 15, 2020, one of ERCOT’s financial institutions, JPMorgan Chase Bank, N.A. (JPMorgan) notified ERCOT that JPMorgan experienced an internal data code issue, which resulted in the inclusion of bank account and financial transaction data belonging to ERCOT Counter-Parties in balance and transaction reports that were downloaded by 19 JPMorgan clients/customers on March 16 and 17, 2020."
"The balance and transaction reports downloaded by JPMorgan’s clients/customers contained data for Business Days March 13 and 16, 2020. JPMorgan informed ERCOT that it identified the issue on March 21, 2020 and immediately implemented a code fix to prevent further recurrence," ERCOT said
"JPMorgan has assured ERCOT that this event was not the result of a cyber incident; it was an internal data code issue," ERCOT said
"ERCOT’s understanding is that the following types of information were included in the balance and transaction reports: bank account names; bank account numbers; and transaction information (e.g., dollar amounts, wire remark information, and bank reference numbers)," ERCOT said
"ERCOT Protocol Section 1.3.1.1(1)(z) identifies 'non-public financial information provided by a Counter-Party to ERCOT pursuant to meeting its credit qualification requirements as well as the QSE’s form of credit support' as Protected Information. ERCOT considers some of the data contained in the reports downloaded by JPMorgan’s clients/customers to be Protected Information under ERCOT Protocol Section 1.3.1.1(1)(z) -- i.e., Qualified Scheduling Entity (QSE) and Congestion Revenue Right (CRR) Account Holder (CRRAH) bank account numbers and other information identifiable to a QSE’s form of credit support (i.e., payments identified as collateral postings to satisfy credit qualification requirements)," ERCOT said
"ERCOT is working with JPMorgan to ensure that all steps are being taken to mitigate any risk associated with this issue. ERCOT is also in the process of identifying the Counter-Parties that were impacted by JPMorgan’s disclosure, and will be providing those Counter-Parties with information regarding the specific types of Protected Information that was disclosed. ERCOT’s preliminary determination is that the Protected Information disclosed by JPMorgan is primarily limited to QSE and CRRAH bank account numbers; very few instances of other information identifiable to a QSE’s form of credit support have been identified," ERCOT said