Lost and stolen devices account for 1 in 4 breaches in the financial services sector

Source: Bitglass

Bitglass, the total data protection company, today announced the availability of its Financial Services breach report, an analysis of all breaches in the sector since 2006, with data aggregated from public databases and government mandated disclosures.

 The report reveals that leaks nearly doubled between 2014 and 2015, a growth trend on track to continue in 2016. The nation’s largest banks have all suffered leaks at some point in the recent past. In the first half of 2016 alone, five of the nation’s top 20 banks disclosed breaches.

The report also explores the most common causes of data leaks in the sector. Led by lost and stolen devices at 25.3 percent of breach events, financial services organizations appear to struggle with data protection on managed and unmanaged devices. While hacking accounted for a disproportionate number of individuals affected by financial services breaches, only one in five leaks were caused by hacking. Other breaches were the result of unintended disclosures, malicious insiders, and lost paper records.

“Financial institutions are prime targets for hackers and are rightfully concerned about the threat of cyber-attacks, device theft, and malicious insiders,” said Nat Kausik, CEO of Bitglass. “To stay one step ahead as data moves beyond the firewall, firms in this sector must encrypt cloud data at rest, control access by contextual risk, and protect data on unmanaged devices.”

Key findings:

  • One in four breaches in the financial services sector over the last several years were due to lost or stolen devices, one in five were the result of hacking. Fourteen percent of leaks can be attributed to unintended disclosures and 13 percent to malicious insiders.
  • Five of the nation’s 20 largest banks have already suffered data breaches in the first half of 2016.
  • In 2015, 87 breaches were reported in the financial services sector, up from 45 in 2014. In the first half of 2016, 37 banks have already disclosed breaches.
  • Over 60 organizations suffered recurring breaches in the last decade, including most major banks.
  • JP Morgan Chase, the nation’s largest bank, has suffered recurring breaches since 2007. The largest breach event, the result of a cyberattack, was widely publicized in 2014 and affected an estimated 76 million U.S. households. Other breaches at JPMorgan were due to lost devices, unintended disclosures, and payment card fraud.
  • Of the three major credit bureaus, the 2015 Experian leak was the largest, affecting 15 million individuals. Equifax has also disclosed several recent breaches, including unauthorized accesses earlier this year that affected hundreds of thousands of individuals.

Comments: (0)