back to top

Trending Content:

10 Largest Information Breaches in Finance | Cybersecurity

Cybercriminals select their targets based mostly on two circumstances – most influence and most revenue.

Monetary establishments completely meet these circumstances as a result of they retailer extremely helpful knowledge, and their digital transformation efforts are creating larger alternatives for cyber attackers to entry that knowledge. For this reason the monetary sector is disproportionately focused by cybercriminals, behind healthcare.

Moreover implementing an information safety answer particular to monetary providers, top-of-the-line strategies of mitigating knowledge breaches is studying from the errors of others.

Learn the way Cybersecurity simplifies Vendor Danger Administration >

To help this effort, we have listed the ten greatest knowledge breaches within the monetary trade, ranked by stage of influence. This checklist is commonly refreshed to incorporate crucial 2022 occasions around the globe in main international locations just like the US, UK, Australia, China, and lots of extra.

The ten Largest Information Breaches within the Finance Sector

Every report features a abstract of the important thing errors that lead to a knowledge breach that will help you keep away from repeating them.

1. First American Monetary Corp Information Breachfirst american corporation logo

Date: Could 2019

Impression: 885 million bank card purposes

How did the information breach happen?

Greater than 885 million monetary and private information linked to actual property transactions had been uncovered by way of a typical web site design error.

This error is named a “Business Logic Flaw” on the FIrst American Monetary Corp web site. That is when a webpage hyperlink resulting in delicate info is not protected by an authentication coverage to confirm person entry.

This publicity was not initiated by a hacker, the vulnerability that facilitated delicate knowledge entry was attributable to an inside error – an occasion referred to as knowledge leaks.

Although knowledge leaks and knowledge breaches are two completely different occasions, they each share the identical potential end result – delicate buyer info falling into the palms of cybercriminals.

What knowledge was compromised?

The next knowledge was compromised within the First American Corp knowledge breach:

NamesEmail addressesPhone numbers of closing brokers and consumers

Armed with this info, a variety of cybercrime is feasible together with:

Study from this breach:

The next classes may be realized from the First American Monetary Corp breach:

Implement code evaluate insurance policies – Earlier than pushing any code dwell, it needs to be reviewed by a top quality management officer.Monitor for knowledge leaks – An information leak detection answer will detect and shut down all inside or third-party knowledge leaks earlier than they’re found by cybercriminals.‍2. Equifax Information Breachequifax logo

Date: Sep 2017

Impression: 147 million prospects

How did the information breach happen?

The Equifax knowledge breach was nothing in need of a catastrophe. A string of horrible cybersecurity practices made the safety breach nearly too simple for cybercriminals.

There are 4 major flaws that facilitated the safety breach.

The corporate did not patch a well known vulnerability (CVE-2017-5638) for its Open Supply growing framework – Apache Struts. On the time of the breach, the patch for CVE-2017-5638 had been accessible for six months.Equifax did not section its ecosystem, so the attackers had been capable of seamlessly entry a number of servers after gaining entry by way of the online portal breach.The hackers discovered usernames and passwords sorted in plain textual content, which had been used to escalate privileges to attain deeper entry.The hackers had been capable of exfiltrate knowledge undetected for months as a result of Equifax did not renew an encryption certificates for one among their inside instruments.

On prime of all this, over a month had elapsed earlier than Equifax lastly publicized the breach. Throughout this era, prime executives bought firm inventory, giving rise to insider buying and selling accusations.

What knowledge was compromised?

Greater than 40% of the inhabitants of America was probably impacted by the Equifax knowledge breach.

The next knowledge was compromised:

NamesDates of birthSocial safety numbersDriver’s license numbersCredit card numbers

Because of the extremely delicate nature of Personally Identifiable Info (PII) and monetary info that was compromised, Equifax was fined $700 million for the breach.

Study from this breach:

Monetary providers corporations and small companies can study many crucial classes from this breach.

Text reading - is your business at risk of a data breach? Find out.3. Heartland Fee Programs Information Breachheartland logo

Date: January 2008

Impression: 130 million debit and bank card numbers

How did the information breach happen?

In January 2008, Russian hackers injected malware by way of a webform on Heartland’s web site, ensuing within the comprised of 130 million credit score and debit card numbers.

Cyberattackers used an SQL injection assault to achieve entry to the corporate’s company community. They spent nearly 6 months making an attempt to entry sources processing bank card knowledge.

After efficiently evading anti-virus defenses, the Russian risk actors put in sniffer software program to intercept bank card knowledge in transit.

Albert Gonzales, alongside two unidentified companions, was indicted for the assault. Gonzales was sentenced to twenty years in jail.

In an try and rectify its fallen cyber resilience fame, Heartland considerably upgraded its cybersecurity and boldly issued the next knowledge breach warrant to all of its prospects:

“Heartland Fee Programs is so assured within the safety of its cost processing expertise that, on Jan. 12, it introduced a brand new breach guarantee for its customers. The guarantee program will reimburse retailers for prices incurred from an information breach that entails the Heartland Safe bank card cost processing system.” insert as quote?

Ironically, after this announcement, cybercriminals broke into the company’s payroll office and physically stole 11 computers, resulting in the compromise of Personal Identifiable Information impacting 2,200 people.

What data was compromised?

The following data was compromised in the Heartland data breach:

Credit card numbersCard expiration datesCardholder namesLearn from this breach:

The following lessons can be gleaned from the Heartland Payment Systems breach.

Regulatory compliance is not enough – Heartland was compliant with PCI DSS at the time of the incident, but it wasn’t enough to prevent the data breach. Compliance should not be confused with security. Besides regulatory frameworks, organizations must implement additional cybersecurity systems that specifically address the vulnerabilities facilitating data breaches.Implement internal security protocols – Outer-level security defenses are useless if a threat actor is able to walk away with devices housing sensitive resources. Be sure to also secure all physical inventory.Secure all third-party systems – All of the businesses that partnered with Heartland to process their payments were impacted by this breach. This event highlights the importance of vendor risk management to prevent vulnerable third parties from turning into attack vectors.

Learn the features of the best cyber risk remediation product for financial services >

4. Capital One Data Breachcapital one emblem

Date: March 2019

Impact: 100 million credit card applications

How did the data breach occur?

Former Amazon Web Services software engineer, Paige A. Thompson, illegally accessed one of the AWS servers storing Capital One’s data and stole 100 million credit card applications dating back to 2005.

It didn’t take long for the FBI to identify the attacker because Thompson didn’t attempt to obfuscate her connection to the event.

She used her full name when she posted the stolen data on GitHub and even openly bragged about the breach on social media.

The e-mail that notified Captial One among its stolen knowledge dumpThe email that notified Captial One of its stolen data dump – Source: heavy.com

 Paige Adele Thomson bragging concerning the Capital One breach on-line Paige Adele Thomson bragging about the Capital One breach online – Source: heavy.comWhat data was compromised?

The Captial One data breach impacted approximately 100 million people in the United States and over 6 million in Canada.

The following types of sensitive data were stolen:

Social security numbers (about 140,000 records)Canadian Social Insurance numbers (about 1 million records)Bank account numbers (80,000)

The magnitude of compromised data classifies this event as one of the most devastating data breaches in the financial services industry.

Learn from this breach:

The following lessons can be learned from the Capital One data breach:

Secure all cloud technology – This breach may not have occurred had Capital One secured its transition to cloud storage with an attack surface monitoring solution. This would have highlighted any data security vulnerabilities increasing the risk of data breaches.Secure all firewall configurations – A misconfigured web application firewall made this breach possible. Such insecure configurations could be rapidly discovered and addressed with attack surface monitoring software.5. JPMorgan Chase Data BreachJPMorgam chase emblem

Date: October 2014

Impact: 83 million accounts

How did the data breach occur?

Cyberattackers, allegedly located in Brazil, managed to penetrate JP Morgans’ perimeter, gain the highest level of administrative privilege and achieve root access to more than 90 of its servers.

Surprisingly, rather than leveraging available account privileges to steal financial information, only customer contact information was stolen. This very unclimactic outcome suggests the objective of the attack was to only steal specific customer details – possibly for use in future targeted cyberattacks.

What data was compromised?

The following data was compromised in the JPMorgan Chase data breach:

Internal login details for a JPMorgan employeeCustomer namesEmail addressesPhone numbersLearn from this breach:

Investigations revealed that this breach was made possible by a very basic security vulnerability.When JPMorgan’s security team upgraded one of its network servers, they failed to implement Multi-Factor Authentication (MFA).

This event demonstrates that even the most sophisticated financial institutions are susceptible to basic lapses in cybersecurity hygiene. To detect overlooked exposures that fall through manual processes, human effort should always be supported with an attack surface monitoring solution.

6. Experianexperian emblem

Date: August 2020

Impact: 24 million customers

How did the data breach occur?

A threat actor claiming to be a representative for one of Experian’s clients convinced a staff member of the Experian South African office to relinquish sensitive internal data.

Experian claimed that the information that was provided was not highly-sensitive, but rather data that are commonly exchanged during the normal course of business.

According to the South African Banking Risk Information Center (SABRIC) – one of the authorities involved in investigations – 24 million customers and almost 800,000 businesses were impacted by the breach.

What data was compromised?

The following customer information was disclosed to the threat actor:

Mobile phone numbersHome phone numbersWork numbersEmail addressesResidential addressesPlaces of workWork addressesJob titlesJob start dates

According to Experian, the threat actor intended to use the stolen data to create marketing leads for insurance and credit-related services.

Learn from this breach:

Implement cyber threat training in the workplace

The targeted Experian employee had little reason to question the authenticity of the threat actor’s call. They provided all of the relevant identifying information Experian requires of its clients – Name, Surname, and RSA ID number.

This demonstrates the sophistication of modern social engineering campaigns and how unprepared staff are to contend with this cyber threat.

Humans will always be the weakest links in a cybersecurity program. To preserve security control investments, financial services must implement cyber threat awareness training in the workplace.

This training should cover how to identify fraudulent inquiries on Linkedin since this is a growing attack vector for social engineering campaigns.

Learn about the biggest cyber threats affecting financial institutions.

Implement a data leak detection solution

On October 24, 2021, Experian became aware of a dark web post on a criminal forum containing some of the data from this breach. With the support of law enforcement, this activity was intercepted and the data deleted.

While such data leaks remain undetected, breach victims, and their impacted customers, are at an increased risk of ongoing data breaches.

By implementing a data leak detection solution, such events can be instantly detected and shut down, without wasting time waiting for external security assistance.

7. Blockblock emblem

Date: Apr 2022

Impact: 8.2 million employees

How did the data breach occur?

A Square (now known as Block) employee downloaded reports detailing customer information without permission. It’s estimated that about 8.2 million current and former customers were included in the report.

What data was compromised?

The report included the following information. 

Full namesBrokerage account numbersBrokerage portfolio valuesBrokerage portfolio holdingsStock trading activity for one trading day

Block said that sensitive information, such as passwords, social security numbers, and payment card information, was not compromised in the breach.

Learn from this breach:

An inside threat caused this breach while managing processes included in their day-to-day tasks. Because permission escalation was not required, this incident would have been difficult to detect with conventional insider threat monitoring strategies. 

Detecting potential malicious efforts within the purview of an employee’s permissible processes requires a highly-targeted and customized approach.

upguard safety rating request

‍‍Click here to request your free instant security score.

8. Desjardins GroupDesjardins

Date: June 2019

Impact: 4.2 million customers

How did the data breach occur?

A disgruntled employee of Canada’s largest credit union, Desjardins, gain unauthorized access to 4.2 million members’ data with an intent to cause harm to the company.

Investigations narrowed down the exposure to a single source, revealing the employee that was responsible.

6 months after the event, it was revealed that the breach also impacted 1.8 credit card holders outside of Desjardin’s member base.

This update likely contributed to the significant jump in estimated damage costs, which rose from $70 million to $108 million.

Another contributor to the rise in damage cost was the inclusion of 5 years of free credit monitoring by Equifax in a compensation package for victims.

Equifax also suffered a data breach, but with a significantly greater impact (see above).

What data was compromised?

The malicious employee accessed the following member data:

Social security numbersNamesEmail addressesTransaction records

Desjardins assures that no credit, debit or payment card numbers, passwords, or PINs were accessed in the breach.

Learn from this breach:

This breach was unique in that it was not a result of cyberattacks, but an insider threat.

This category of cyber risk is the most difficult to intercept because their malicious actions could easily be mistaken for legitimate daily tasks.

It’s also difficult for internal security teams to be vigilant for insider threats because they’re already exceeding their bandwidth with risk management tasks.

From these insights, and the key events leading up to the beach, the following lessons can be learned:

Secure all privileged access – The Desjardins malicious insider should not have had such liberal and unmonitored access to a large personal data resource. By securing all Privileged Access Management such unauthorized access could be prevented.Streamline Vendor Risk Management – Efficient Vendor Risk Management practices, such as Vendor Tiering, protect security teams from overload, creating sufficient bandwidth for insider threat monitoring.Look for signs of employee dissatisfaction – Regular internal servers or one-on-ones could highlight employee grievances before they escalate into insider threats.9. Westpac Banking CorporationWestpac emblem

Date: June 2013

Impact: 98,000 customers

How did the data breach occur?

This vulnerability made it possible for hackers to execute an enumeration attack – when brute force techniques are used to either confirm or guess valid records in a database.

When the attack was over, the hackers uncovered the banking details of 98,000 Westpac customers.

What data was compromised?

The enumeration attack exposed the following types of customer data:

Full names Email addressesPhone numbersAccount information

Armed with these details, cybercriminals can keep retargeting victims with a broad range of phishing attacks.

Learn from this breach:

Just because a Government sponsors a platform, it does not mean it’s cyber resistant.

Despite warnings of potential security risks, the Australian government approved its New Payments Platform (NPP), assuring the public that fraud and security concerns were “extensively considered” when growing PayID.

The info breach that paradoxically eventuated after this assertion demonstrates that authorities options are susceptible to the identical cyber threats as all third-party software program, together with dated methods like brute power assaults.

To stop such an incident, safety controls addressing brute power assaults needs to be applied.

Some examples are listed under.

Restrict login makes an attempt –  Restrict incorrect login makes an attempt from a single IP handle.Use machine cookies – Gadget cookies will block malicious login makes an attempt coming from particular browsers.Block suspicious logins – Block login performance after a sure variety of incorrect makes an attempt.Do not reveal right credentials – Forestall login fields from confirming which particular particulars are right.Use CAPTCHAS – Select CAPTCHAS that get progressively tougher and extra time-consuming with every incorrect login try.‍10. Flagstar Financial institution673c4139f7c9e8a1b4d9465f 630404d77225c63063125e26 flagstar%2520bank

Date: June 2022

Impression: 1.5 million prospects

How did the information breach happen?

One of many largest monetary suppliers in america, Flagstar Financial institution, suffered an enormous knowledge breach in June 2022, leaking the Social Safety numbers of just about 1.5 million prospects. The breach is the second such assault on the Michigan-based on-line banking large in as a few years. The financial institution didn’t disclose how hackers efficiently infiltrated the community, however preliminary investigations confirmed that the assault might have occurred as early as December 2021.

Flagstar financial institution initiated incident response protocols as quickly as they found an information breach and acknowledged that there was no proof of exploitation throughout investigations. Nevertheless, they nonetheless suggested prospects to watch their credit score intently and to report any suspicious exercise.

What knowledge was compromised?

Risk actors had been capable of acquire the next monetary knowledge:

Social Safety numbers (SSN)Banking informationPersonal info (names, addresses, birthdays)Study from this breach:

Though the precise assault vector was not specified, it highlights the significance of protecting each doable vulnerability from third-party danger to inside threats to ransomware safety. Regardless of settling a number of class-action lawsuits in March 2021, Flagstar Financial institution did not implement enough safety protocols in time.

Good practices for higher safety ought to at all times embody, however are usually not restricted to, the next:

Annual penetration testsSecurity audits (e.g. SOC 2 Audit)Up to date incident response plansProvide cybersecurity coaching

Latest

Why is Third-Celebration Threat Administration Essential in 2025? | Cybersecurity

Third-party danger administration is necessary as a result of...

What are Indicators of Assault (IOAs)? How they Differ from IOCs | Cybersecurity

Indicators of Assault (IOAs) exhibit the intentions behind a...

The Baseline Necessities of the RBI Cyber Safety Framework | Cybersecurity

Monetary establishments are amongst probably the most extremely focused...

What’s Risk Modelling? 10 Risk Identification Strategies Defined | Cybersecurity

Risk modelling is a course of for figuring out...

Newsletter

Don't miss

10 Charming Small Cities in New Mexico You’ll Need to Name House

For those who’re interested by transferring to New Mexico,...

Decreasing Provide Chain Safety Dangers with Vendor Segmentation | Cybersecurity

The vulnerabilities perforating the worldwide provide chain have remained...

How you can Hire an House in 2025: Observe These 10 Steps

Figuring out how one can lease an condo can...

Log4Shell: The Log4j Vulnerability Emergency Clearly Defined | Cybersecurity

Since December 1, 2021 a vulnerability linked to the open-source logging library Apache Log4j 2, has been actively exploited, impacting numerous digital services globally.That...

Why is Third-Celebration Threat Administration Essential in 2025? | Cybersecurity

Third-party danger administration is necessary as a result of failure to evaluate third-party dangers exposes a corporation to produce chain assaults, knowledge breaches, and...

What are Indicators of Assault (IOAs)? How they Differ from IOCs | Cybersecurity

Indicators of Assault (IOAs) exhibit the intentions behind a cyberattack and the methods utilized by the risk actor to perform their targets.The precise cyber...

LEAVE A REPLY

Please enter your comment!
Please enter your name here