Join the Community

22,170
Expert opinions
44,217
Total members
418
New members (last 30 days)
211
New opinions (last 30 days)
28,723
Total comments

The Three Worst Financial Industry Data Leaks

Banks, fintechs and other financial institutions have a unique responsibility to maintain the highest level of data security. Billions of people trust them with highly sensitive personal information, ranging from credit scores to home addresses, birth dates and social security numbers.  

However, this data means that banks are very attractive targets for cybercriminals, who could hit the jackpot if they manage to break through their defences. When hackers obtain the information stored by financial institutions, they can profit by selling off data to other criminals on the dark web who can use the information to steal victim’s identities and destroy their credit rating, or simply escape with their all their hard-earned money.  

Due to the high stakes involved in protecting people's money and sensitive personal information, banks take security very seriously. But today, cybersecurity professionals often adopt an “assume breach” mindset in which they accept that an attack is inevitable. Which indicates that even the toughest security will be tested at some point – and possibly compromised.  

Hacks can be extremely expensive, which means banks need to prepare. So, to help them gain understanding of the threat, here in reverse order are the top three most expensive data breaches in the history of banking.  

3) JPMorgan Chase 

Year: 2014 

Cost: $100 million 

Number of customers affected: 83 million 

Many leaks and data breaches are the result of negligence, or even carried out by malicious insiders. However, the JP Morgan Chase hack was carried out by truly audacious criminals.  

 In 2014, as part of a wide-ranging stock manipulation scheme, thieves used the “heartbleed” vulnerability to steal employee credentials and gain access to JP Morgan’s systems.  

After getting inside the network, malware was installed to allow persistent access and data exfiltration.  

From July to August 2014, hackers stole employee data, customers’ personal data and communications between top JP Morgan officials. The stolen data was used in multiple scams. 

2) Heartland Payment Systems 

Year: 2008 

Cost: $140 million 

Number of customers affected: 130 million 

Heartland Payment Systems was the sixth-largest payroll processor in the US at the time of this breach.  

Using a hacking technique called SQL injection attack, Albert Gonzalez was able to modify the code on a web script, giving him access to the login page.  

The attack went undetected for months allowing Gonzalez to gain numerous credit cards, gift cards, and rewards which then were used to fund his party lifestyle. 

Gonzalez nicknamed the hack “Operation Get Rich or Die Tryin’”, which may have referred to the name of an album by the rapper 50 Cent.  

Dealing with the breach cost $140 million, according to ComputerWorld. Of this money, $60 million was spent on settling with Visa, $42 million was earmarked for future settlements, $3.5 million was used to settle with American Express, and legal expenses amounted to at least $26 million.  

SQL injection attacks are widespread, comprising nearly two-thirds (65.1%) of all Web application attacks in 2019. 

1) Equifax Inc. 

Year: 2017 

Cost: $300 million 

Number of customers affected: 143 million 

The American credit bureau Equifax was hit by a breach involving names, social security numbers, birthdates, telephone numbers, and email addresses. In addition, the hackers stole the credit card numbers of more than 209,000 consumers.  

The data breach was caused by a third-party Apache Struts vulnerability. There was a patch available to close this vulnerability, but Equifax had not applied it to their servers.  

As a consequence of the breach, the CEO, CSO, and CIO all stepped down. A $300 million dollar settlement was reached in a class-action lawsuit and Equifax agreed to lifetime credit monitoring for all those affected.  

Cyber attackers search for the easiest way to gain unauthorized access to misconfigured connected storage devices, open databases or cloud ecosystems to steal the most valuable information an organisation holds. When a vulnerability or a data leak hits a hacker’s radar, it can become a costly breach, in more ways than one, as seen above. 

It is therefore necessary for any organisation, but particularly for finance, to take a proactive approach to cyber security. Detecting and resolving security issues before they are exploited and become a major breach should be the priority.  

 

 

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,170
Expert opinions
44,217
Total members
418
New members (last 30 days)
211
New opinions (last 30 days)
28,723
Total comments

Now Hiring