Chase also needs to launch an aggressive campaign that tells affected customers what the bank would never do under the circumstances, which includes asking for online banking credentials.
The Chase breach is only the latest of several high-profile compromises that has shaken consumer trust in businesses to secure customers' personal data. Retailers Target and Home Depot each lost 10s of millions of credit and debit card numbers to criminals who hacked into their electronic cash registers.
In light of the compromises, experts are calling for companies to work with government agencies in building a secure platform in which businesses can share technical details about attacks privately. Such information can help in bolstering defenses.
Banks are already increasing the amount of attack information they share with each other through the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry group formed to meet a government directive to share information about cybersecurity threats to protect the nation's critical infrastructure.
"Expanding this beyond the financial services sector is the next step, and would help to bolster defenses across more of our critical infrastructure," Lloyd said.
Sign up for CIO Asia eNewsletters.