14 Biggest Data Breaches in Finance | Cybersecurity

Cybercriminals choose their targets based on two conditions – maximum impact and maximum profit.

Financial institutions perfectly meet these conditions because they store highly valuable data, and their digital transformation efforts are creating greater opportunities for cyber attackers to access that data. This is why the financial sector is disproportionately targeted by cybercriminals, second only to healthcare.

Besides implementing a data security solution specific to financial services, one of the best methods of mitigating data breaches is learning from the mistakes of others.

To support this effort, we've listed the 14 biggest data breaches in the financial industry, ranked by level of impact.


The 14 Biggest Data Breaches in the Finance Sector

Each entry includes a summary of the key mistakes that led to a data breach, to help you avoid repeating them.

1. First American Financial Corp Data Breach

Date: May 2019

Impact: 885 million credit card applications

How did the data breach occur?

More than 885 million financial and personal records linked to real estate transactions were exposed through a common website design error.

The error on the First American Financial Corp website is known as a “Business Logic Flaw”: a webpage link leading to sensitive information is not protected by an authentication policy that verifies the user is entitled to access it.

This exposure was not initiated by a hacker; the vulnerability that allowed access to sensitive data was caused by an internal error – an event known as a data leak.

Though data leaks and data breaches are two different events, they share the same potential outcome – sensitive customer information falling into the hands of cybercriminals.

What data was compromised?

The following data was compromised in the First American Corp data breach:

Names
Email addresses
Phone numbers of closing agents and buyers

Armed with this information, a range of cybercrime is possible, including:

Learn from this breach:

The following lessons can be learned from the First American Financial Corp breach:

Implement code review policies – Before pushing any code live, it should be reviewed by a quality control officer.
Monitor for data leaks – A data leak detection solution will detect and shut down all internal or third-party data leaks before they are discovered by cybercriminals.

2. Equifax Data Breach

Date: Sep 2017

Impact: 147 million customers

How did the data breach occur?

The Equifax data breach was nothing short of a catastrophe. A string of terrible cybersecurity practices made the security breach almost too easy for cybercriminals.

Four major flaws facilitated the security breach.

The company did not patch a well-known vulnerability (CVE-2017-5638) in its open source development framework, Apache Struts. At the time of the breach, the patch for CVE-2017-5638 had been available for six months.
Equifax did not segment its ecosystem, so the attackers were able to seamlessly access multiple servers after gaining entry through the web portal breach.
The hackers found usernames and passwords stored in plain text, which were used to escalate privileges and gain deeper access.
The hackers were able to exfiltrate data undetected for months because Equifax did not renew an encryption certificate for one of its internal tools.

On top of all this, over a month elapsed before Equifax finally publicized the breach. During this period, top executives sold company stock, giving rise to insider trading accusations.

What data was compromised?

More than 40% of the population of America was potentially impacted by the Equifax data breach.

The following data was compromised:

Names
Dates of birth
Social security numbers
Driver's license numbers
Credit card numbers

Due to the highly sensitive nature of the Personally Identifiable Information (PII) and financial information that was compromised, Equifax was fined $700 million for the breach.

Learn from this breach:

Financial services companies and small businesses can learn many important lessons from this breach.

3. Heartland Payment Systems Data Breach

Date: January 2008

Impact: 130 million debit and credit card numbers

How did the data breach occur?

In January 2008, Russian hackers injected malware through a web form on Heartland's website, resulting in the compromise of 130 million credit and debit card numbers.

The cyberattackers used an SQL injection attack to gain access to the company's corporate network. They spent almost 6 months attempting to reach the resources that processed credit card data.

After successfully evading anti-virus defenses, the Russian threat actors installed sniffer software to intercept credit card data in transit.

Albert Gonzalez, alongside two unidentified partners, was indicted for the attack. Gonzalez was sentenced to 20 years in prison.

In an attempt to rebuild its damaged cyber resilience reputation, Heartland significantly upgraded its cybersecurity and boldly issued the following data breach warranty to all of its customers:

“Heartland Payment Systems is so confident in the security of its payment processing technology that, on Jan. 12, it announced a new breach warranty for its users. The warranty program will reimburse merchants for costs incurred from a data breach that involves the Heartland Secure credit card payment processing system.”

Ironically, after this announcement, cybercriminals broke into the company's payroll office and physically stole 11 computers, resulting in the compromise of Personally Identifiable Information impacting 2,200 people.

What data was compromised?

The following data was compromised in the Heartland data breach:

Credit card numbers
Card expiration dates
Cardholder names

Learn from this breach:

The following lessons can be gleaned from the Heartland Payment Systems breach.

Regulatory compliance is not enough – Heartland was compliant with PCI DSS at the time of the incident, but it wasn't enough to prevent the data breach. Compliance should not be confused with security. Besides regulatory frameworks, organizations must implement additional cybersecurity systems that specifically address the vulnerabilities facilitating data breaches.
Implement internal security protocols – Outer-level security defenses are useless if a threat actor is able to walk away with devices housing sensitive resources. Be sure to also secure all physical inventory.
Secure all third-party systems – All of the businesses that partnered with Heartland to process their payments were impacted by this breach. This event highlights the importance of vendor risk management to prevent vulnerable third parties from turning into attack vectors.

4. Capital One Data Breach

Date: March 2019

Impact: 100 million credit card applications

How did the data breach occur?

Former Amazon Web Services software engineer, Paige A. Thompson, illegally accessed one of the AWS servers storing Capital One’s data and stole 100 million credit card applications dating back to 2005.

It didn’t take long for the FBI to identify the attacker because Thompson didn’t attempt to obfuscate her connection to the event.

She used her full name when she posted the stolen data on GitHub and even openly bragged about the breach on social media.

The email that notified Capital One of its stolen data dump – Source: heavy.com

Paige Adele Thompson bragging about the Capital One breach online – Source: heavy.com

What data was compromised?

The Capital One data breach impacted approximately 100 million people in the United States and over 6 million in Canada.

The following types of sensitive data were stolen:

Social security numbers (about 140,000 records)
Canadian Social Insurance numbers (about 1 million records)
Bank account numbers (80,000)

The magnitude of compromised data classifies this event as one of the most devastating data breaches in the financial services industry.

Learn from this breach:

The following lessons can be learned from the Capital One data breach:

Secure all cloud technology – This breach may not have occurred had Capital One secured its transition to cloud storage with an attack surface monitoring solution. This would have highlighted any data security vulnerabilities increasing the risk of data breaches.
Secure all firewall configurations – A misconfigured web application firewall made this breach possible. Such insecure configurations could be rapidly discovered and addressed with Vendor Risk Management software.

5. JPMorgan Chase Data Breach

Date: October 2014

Impact: 83 million accounts

How did the data breach occur?

Cyberattackers, allegedly located in Brazil, managed to penetrate JPMorgan's perimeter, gain the highest level of administrative privilege and achieve root access to more than 90 of its servers.

Surprisingly, rather than leveraging the available account privileges to steal financial information, the attackers stole only customer contact information. This very anticlimactic outcome suggests the objective of the attack was to steal only specific customer details – possibly for use in future targeted cyberattacks.

What data was compromised?

The following data was compromised in the JPMorgan Chase data breach:

Internal login details for a JPMorgan employee
Customer names
Email addresses
Phone numbers

Learn from this breach:

Investigations revealed that this breach was made possible by a very basic security vulnerability. When JPMorgan's security team upgraded one of its network servers, they failed to implement Multi-Factor Authentication (MFA).

This event demonstrates that even the most sophisticated financial institutions are susceptible to basic lapses in cybersecurity hygiene. To detect overlooked exposures that fall through manual processes, human effort should always be supported with an attack surface monitoring solution.

6. CardSystems Solutions, Inc. Data Breach

Date: 2005

Impact: 40 million credit card accounts

How did the data breach occur?

A hacker gained access to the computer network of CardSystems Solutions Inc., a third-party payment processor, and placed malicious code that allowed access to files. The company was compliant with the relevant industry standard (PCI DSS) at the time, yet the breach still occurred.

What data was compromised?

The breach compromised 40 million credit card numbers.

Learn from this breach:

As noted in the Heartland Payment Systems breach, compliance with standards like PCI DSS does not guarantee security. Organizations must implement additional cybersecurity systems to address specific vulnerabilities.

Moreover, it's critical that organizations secure third-party processors. Businesses that partner with payment processors must ensure their vendors have robust security measures in place to prevent them from becoming an attack vector.

7. Experian

Date: August 2020

Impact: 24 million customers

How did the data breach occur?

A threat actor claiming to be a representative for one of Experian’s clients convinced a staff member of the Experian South African office to relinquish sensitive internal data.

Experian claimed that the information that was provided was not highly sensitive, but rather data that is commonly exchanged during the normal course of business.

According to the South African Banking Risk Information Center (SABRIC) – one of the authorities involved in investigations – 24 million customers and almost 800,000 businesses were impacted by the breach.

What data was compromised?

The following customer information was disclosed to the threat actor:

Mobile phone numbers
Home phone numbers
Work numbers
Email addresses
Residential addresses
Places of work
Work addresses
Job titles
Job start dates

According to Experian, the threat actor intended to use the stolen data to create marketing leads for insurance and credit-related services.

Learn from this breach:

Implement cyber threat training in the workplace

The targeted Experian employee had little reason to question the authenticity of the threat actor's call. The caller provided all of the identifying information Experian requires of its clients – name, surname, and RSA ID number.

This demonstrates the sophistication of modern social engineering campaigns and how unprepared staff are to contend with this cyber threat.

Humans will always be the weakest links in a cybersecurity program. To preserve security control investments, financial services must implement cyber threat awareness training in the workplace.

This training should cover how to identify fraudulent inquiries on LinkedIn, since this is a growing attack vector for social engineering campaigns.

Implement a data leak detection solution

On October 24, 2021, Experian became aware of a dark web post on a criminal forum containing some of the data from this breach. With the support of law enforcement, this activity was intercepted and the data deleted.

While such data leaks remain undetected, breach victims, and their impacted customers, are at an increased risk of ongoing data breaches.

By implementing a data leak detection solution, such events can be instantly detected and shut down, without wasting time waiting for external security assistance.

8. Korea Credit Bureau Data Breach

Date: January 2014

Impact: 20 million customers

How did the data breach occur?

A former employee of the Korea Credit Bureau (KCB), an organization that provides fraud detection and risk management services, secretly copied and stole databases containing customer details over a period of time. The employee, who was working on KCB’s fraud detection system, was arrested after attempting to sell the information.

What data was compromised?

The stolen databases contained customer details.

Learn from this breach:

It is critical to restrict privileged access. Even trusted internal employees, especially those with privileged access to sensitive databases, must have their activities strictly monitored and controlled.

Additionally, it is imperative that organizations implement monitoring systems to detect unauthorized copying or transfer of sensitive data by employees.

9. Block

Date: Apr 2022

Impact: 8.2 million employees

How did the data breach occur?

A Square (now known as Block) employee downloaded reports detailing customer information without permission. It’s estimated that about 8.2 million current and former customers were included in the report.

What data was compromised?

The report included the following information:

Full names
Brokerage account numbers
Brokerage portfolio values
Brokerage portfolio holdings
Stock trading activity for one trading day

Block said that sensitive information, such as passwords, social security numbers, and payment card information, was not compromised in the breach.

Learn from this breach:

An insider caused this breach while carrying out processes included in their day-to-day tasks. Because permission escalation was not required, this incident would have been difficult to detect with conventional insider threat monitoring strategies.

Detecting potential malicious efforts within the purview of an employee’s permissible processes requires a highly-targeted and customized approach.

10. NCB Management Services Data Breach

Date: 2023

Impact: Over 4.2 million records

How did the data breach occur?

The debt collection agency, NCB Management Services, was hit by a data breach. This occurred as part of a larger campaign that exploited a zero-day SQL injection vulnerability in Progress Software’s MOVEit Transfer file transfer application.

What data was compromised?

The data compromised affected more than 4.2 million individuals.

Learn from this breach:

Patch software vulnerabilities: The breach involved the exploitation of a zero-day vulnerability in third-party software, underscoring the necessity of promptly applying all available security patches and updates.
Third-party risk management: Supply chain attacks, where a threat actor targets a third-party provider, can compromise numerous organizations. Continuous monitoring of vendor security is crucial.

11. Desjardins Group

Date: June 2019

Impact: 4.2 million customers

How did the data breach occur?

A disgruntled employee of Canada's largest credit union, Desjardins, gained unauthorized access to 4.2 million members' data with an intent to cause harm to the company.

Investigations narrowed down the exposure to a single source, revealing the employee that was responsible.

Six months after the event, it was revealed that the breach also impacted 1.8 credit card holders outside of Desjardins' member base.

This update likely contributed to the significant jump in estimated damage costs, which rose from $70 million to $108 million.

Another contributor to the rise in damage cost was the inclusion of 5 years of free credit monitoring by Equifax in a compensation package for victims.

Equifax also suffered a data breach, but with a significantly greater impact (see above).

What data was compromised?

The malicious employee accessed the following member data:

Social security numbers
Names
Email addresses
Transaction records

Desjardins has assured that no credit, debit or payment card numbers, passwords, or PINs were accessed in the breach.

Learn from this breach:

This breach was unique in that it was not a result of cyberattacks, but an insider threat.

This category of cyber risk is the most difficult to intercept because an insider's malicious actions could easily be mistaken for legitimate daily tasks.

It’s also difficult for internal security teams to be vigilant for insider threats because they’re already exceeding their bandwidth with risk management tasks.

From these insights, and the key events leading up to the breach, the following lessons can be learned:

Secure all privileged access – The Desjardins malicious insider should not have had such liberal and unmonitored access to a large personal data resource. By securing all privileged access with Privileged Access Management, such unauthorized access could be prevented.
Streamline Vendor Risk Management – Efficient Vendor Risk Management practices, such as Vendor Tiering, protect security teams from overload, creating sufficient bandwidth for insider threat monitoring.
Look for signs of employee dissatisfaction – Regular internal surveys or one-on-ones could highlight employee grievances before they escalate into insider threats.

12. Westpac Banking Corporation

Date: June 2013

Impact: 98,000 customers

How did the data breach occur?

A vulnerability made it possible for hackers to execute an enumeration attack – when brute force techniques are used to either confirm or guess valid records in a database.

When the attack was over, the hackers uncovered the banking details of 98,000 Westpac customers.

What data was compromised?

The enumeration attack exposed the following types of customer data:

Full names
Email addresses
Phone numbers
Account information

Armed with these details, cybercriminals can keep retargeting victims with a broad range of phishing attacks.

Learn from this breach:

Just because a government sponsors a platform, it does not mean it is cyber resilient.

Despite warnings of potential security risks, the Australian government approved its New Payments Platform (NPP), assuring the public that fraud and security concerns were “extensively considered” when creating PayID.

The data breach that ironically occurred after this statement demonstrates that government solutions are susceptible to the same cyber threats as all third-party software, including dated methods like brute force attacks.

To prevent such an incident, security controls addressing brute force attacks should be implemented.
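As an added example (not code from Westpac or the NPP), the login handler below combines several of the controls this section recommends: per-IP attempt limiting, blocking login once a threshold is hit, and a single non-revealing error whether the identifier or the credential was wrong, with hashing performed even for unknown identifiers so response timing does not confirm which records exist. All names and the sample account store are constructed for this illustration.

```python
"""Login handler hardened against enumeration and brute-force attempts (added example)."""
import hashlib
import hmac
import os
import time
from collections import defaultdict
from typing import Callable, Dict, List, Tuple

MAX_ATTEMPTS_PER_IP = 5   # failures tolerated per IP within the window
WINDOW_SECONDS = 300      # sliding window over which failures are counted
LOCKOUT_SECONDS = 900     # how long an IP stays blocked once the limit is hit
GENERIC_ERROR = "Invalid credentials"  # never says which field was wrong


def _hash_secret(secret: str, salt: bytes) -> bytes:
    # Modest PBKDF2 iteration count keeps the example quick; raise it in production.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)


# Constructed account store: identifier -> (salt, password hash).
_SALT = os.urandom(16)
ACCOUNTS: Dict[str, Tuple[bytes, bytes]] = {
    "alice@example.com": (_SALT, _hash_secret("correct horse", _SALT)),
}
# Placeholder hash so unknown identifiers cost the same work as known ones.
_DUMMY = (_SALT, _hash_secret("placeholder", _SALT))


class RateLimiter:
    """Counts failures per source IP and blocks the IP after too many."""

    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now  # injectable clock, so lockout expiry can be tested
        self.failures: Dict[str, List[float]] = defaultdict(list)
        self.locked_until: Dict[str, float] = {}

    def is_blocked(self, ip: str) -> bool:
        return self.locked_until.get(ip, 0.0) > self.now()

    def record_failure(self, ip: str) -> None:
        t = self.now()
        recent = [x for x in self.failures[ip] if t - x < WINDOW_SECONDS]
        recent.append(t)
        self.failures[ip] = recent
        if len(recent) >= MAX_ATTEMPTS_PER_IP:
            self.locked_until[ip] = t + LOCKOUT_SECONDS
            self.failures[ip] = []


def login(limiter: RateLimiter, ip: str, identifier: str,
          secret: str) -> Tuple[bool, str]:
    """Returns (ok, message). Every failure path yields the same message."""
    if limiter.is_blocked(ip):
        # A blocked IP is refused even with valid credentials.
        return False, GENERIC_ERROR
    salt, expected = ACCOUNTS.get(identifier, _DUMMY)
    # Always hash and compare, even for unknown identifiers, so that timing
    # does not reveal whether the identifier exists.
    computed = _hash_secret(secret, salt)
    known = identifier in ACCOUNTS
    if not (hmac.compare_digest(computed, expected) and known):
        limiter.record_failure(ip)
        return False, GENERIC_ERROR
    return True, "ok"
```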

Some examples are listed below.

Limit login attempts – Limit incorrect login attempts from a single IP address.
Use device cookies – Device cookies will block malicious login attempts coming from specific browsers.
Block suspicious logins – Block login functionality after a certain number of incorrect attempts.
Don't reveal correct credentials – Prevent login fields from confirming which specific details are correct.
Use CAPTCHAs – Choose CAPTCHAs that get progressively harder and more time-consuming with each incorrect login attempt.

13. Flagstar Bank

Date: June 2022

Impact: 1.5 million customers

How did the data breach occur?

One of the largest financial providers in the United States, Flagstar Bank, suffered a massive data breach in June 2022, leaking the Social Security numbers of almost 1.5 million customers. The breach is the second such attack on the Michigan-based online banking giant in as many years. The bank did not disclose how hackers successfully infiltrated the network, but preliminary investigations showed that the attack may have occurred as early as December 2021.

Flagstar Bank initiated incident response protocols as soon as it discovered the data breach and stated that there was no evidence of exploitation during investigations. Nonetheless, it still advised customers to monitor their credit closely and to report any suspicious activity.

What data was compromised?

Threat actors were able to obtain the following financial data:

Social Security numbers (SSN)
Banking information
Personal information (names, addresses, birthdays)

Learn from this breach:

Although the exact attack vector was not specified, the breach highlights the importance of covering every potential vulnerability, from third-party risk to insider threats to ransomware protection. Despite settling multiple class-action lawsuits in March 2021, Flagstar Bank did not implement sufficient security protocols in time.

Good practices for better security should always include, but are not limited to, the following:

Annual penetration tests
Security audits (e.g. SOC 2 Audit)
Updated incident response plans
Provide cybersecurity training

14. IRA Financial Trust Cryptocurrency Theft

Date: February 2022

Impact: $36 million in cryptocurrency

How did the data breach occur?

Unknown threat actors drained $21 million in Bitcoin and $15 million in Ethereum from customers' self-directed retirement accounts. The attack specifically targeted IRA Financial Trust, a decentralized finance (DeFi) platform.

What data was compromised?

$36 million in cryptocurrency (Bitcoin and Ethereum).

Learn from this breach:

Advanced authentication: For platforms handling high-value digital assets, such as cryptocurrency, relying solely on standard security may be insufficient. Implement and enforce multi-factor authentication (MFA) and other robust security measures for all internal and customer accounts.
Protocol security: Specialized security protocols and smart contract audits are essential for DeFi platforms to prevent unauthorized governance changes or direct fund draining.
