
Top 10 Cybersecurity Incidents in the Financial Industry

Cybercrime poses a threat to every industry in the modern world. Attackers are not particularly discerning: wherever there is data worth stealing, someone will try to take it. Some sectors, however, are more lucrative targets than others.

Over the years, the financial industry has provided countless examples of cybersecurity incidents that caused substantial damage to businesses and individuals while delivering large gains for the criminals involved. The value of the data and other assets at stake means that cyberattacks in this sector can be some of the biggest ever seen. 

Below, we’ve highlighted the top 10 cybersecurity incidents in the financial sector, selected based on their financial impact, data loss, and industry repercussions. We’ll explore how each breach occurred, what exactly was compromised, and what the long-term fallout was.

Equifax

One of the biggest cybersecurity incidents of all time, measured by the number of individuals affected and the financial damage caused, the Equifax breach of 2017 has gone down in history. An estimated 147 million people, roughly 45% of the US population, were affected, and Equifax agreed to a settlement of up to $700 million with US regulators.

Much of the data stolen by the attackers was highly sensitive, including customer names, dates of birth, social security numbers, driver's license numbers, and credit card numbers. Several failures subsequently came to light that allowed the breach to occur: a known vulnerability in the Apache Struts web framework (CVE-2017-5638) was left unpatched for months after a fix was available, the network was not segmented, so one compromised web application gave access to dozens of databases, and an expired certificate on a traffic inspection device meant the attackers' encrypted traffic went unexamined. Altogether, these represented costly failures. 

American Express

US card issuer American Express recently became the victim of a data breach affecting an undisclosed number of customers. The interesting part is that the company wasn't breached directly at all; a third party was. The breach, which targeted a payment processing vendor, allowed attackers to gain unauthorized access to sensitive American Express customer information, including account numbers, names, and card expiration dates.

Although American Express' internal systems weren't compromised, the company still considered it necessary to notify customers and advise them on how to spot and prevent fraudulent purchases made in their name. In the modern digital ecosystem, where banks work with vendors from across the digital supply chain, the American Express incident reinforced the importance of monitoring for breaches of assets both inside and outside the company.

The First American Financial Corporation

In 2019, a relatively simple authorization flaw on the First American Financial Corporation's website exposed more than 885 million financial and personal records linked to real estate transactions. The flaw, described at the time as a "business logic flaw" and more precisely an insecure direct object reference (IDOR), occurs when a link to a sensitive record is served without checking that the requester is entitled to see it. First American's document links used sequential record numbers, so anyone who had one valid link could simply change the number in the URL and read other people's documents, no authentication required.

According to First American, customer names and email addresses were among the details left unprotected, as well as the phone numbers of real estate closing agents and buyers. This left customers exposed to identity theft and targeted phishing, and served as a reminder that authorization checks should be reviewed every time new code is pushed.
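The flaw class described above, as an added example that is not First American's code: a document handler that trusts the record number in the URL as its only "authorization", the enumeration an attacker runs against it, and a hardened handler that decides access from the authenticated session and, where a link must work without a login, uses an unguessable token instead of a counter. The document store, owners and record numbers are constructed sample data.

```python
import secrets
from typing import List, Optional

# Constructed sample document store (example data, not First American's).
# Keys are the sequential record numbers the vulnerable endpoint exposes.
DOCUMENTS = {
    1001: {"owner": "alice@example.com", "body": "closing statement, 12 Elm St"},
    1002: {"owner": "bob@example.com",   "body": "wire instructions, 9 Oak Ave"},
    1003: {"owner": "carol@example.com", "body": "title policy, 44 Pine Rd"},
}


def fetch_document_vulnerable(doc_id: int) -> Optional[str]:
    """The IDOR: the URL parameter is treated as authorization. Anyone who
    can guess a record number can read the record, and sequential numbers
    make guessing trivial."""
    record = DOCUMENTS.get(doc_id)
    return record["body"] if record else None


def enumerate_vulnerable(start: int, count: int) -> List[str]:
    """What an attacker does against the vulnerable handler: walk the id space
    and keep every record that comes back."""
    found = []
    for doc_id in range(start, start + count):
        body = fetch_document_vulnerable(doc_id)
        if body is not None:
            found.append(body)
    return found


class AuthError(Exception):
    """Raised for both 'not logged in' and 'not yours'; the caller maps it to
    an HTTP error without revealing which."""


def fetch_document_hardened(doc_id: int, requester: Optional[str]) -> str:
    """Fix: authorization comes from the authenticated session, never from
    the link. A non-owner gets the same answer as a missing record, so the
    handler is not an oracle for which record numbers exist."""
    if requester is None:
        raise AuthError("login required")
    record = DOCUMENTS.get(doc_id)
    if record is None or record["owner"] != requester:
        raise AuthError("not found")
    return record["body"]


# Second layer for links that must work without a session (e.g. emailed to a
# closing agent): bind the link to a 256-bit random token, not a record number.
SHARE_TOKENS = {}


def issue_share_link(doc_id: int, requester: str) -> str:
    """Only the owner may mint a share token; the hardened check enforces it."""
    fetch_document_hardened(doc_id, requester)  # raises AuthError if not allowed
    token = secrets.token_urlsafe(32)
    SHARE_TOKENS[token] = doc_id
    return token


def fetch_by_share_token(token: str) -> str:
    """Token lookup: the id space is 2^256, so enumeration is not feasible."""
    doc_id = SHARE_TOKENS.get(token)
    if doc_id is None:
        raise AuthError("not found")
    return DOCUMENTS[doc_id]["body"]
```

In a real service the share tokens would also carry an expiry and be stored server-side with the issuing user, so a leaked link can be revoked; the point here is that the thing in the URL must be either unguessable or checked against the session, and First American's links were neither.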

Receivables Performance Management

Receivables Performance Management, a provider of accounts receivable management services, was breached in April 2021 but did not detect the incident for another 18 months. The attackers accessed the social security numbers of 3,766,573 consumers. 

The organization now faces a lawsuit from some of the affected customers, who believe that the ill-gotten information is now likely being traded on the black market, leaving them at risk of follow-up attacks. 

Capital One

Again demonstrating the role that external connections can play in a breach, Capital One disclosed a cybersecurity incident in 2023 after a vulnerability was discovered at NCB Management Services, a debt collection partner. The breach exposed sensitive financial data relating to approximately 17,000 customers.

The breach was the result of security lapses at NCB which remained unnoticed for several days - giving attackers the time they needed to strike. As well as the reputational damage the breach caused Capital One, NCB also paid for free identity monitoring services for customers for two years, including a $1 million identity fraud loss reimbursement, resulting in significant financial damage. 

Heartland Payment Systems

Running for several months before it was discovered in 2008, the breach of payment processor Heartland Payment Systems caused significant damage: the company was temporarily removed from Visa's list of PCI DSS compliant service providers and faced multiple compliance findings. Around 130 million credit and debit card numbers were compromised in total, in an attack later attributed to Albert Gonzalez and Russian co-conspirators.

The Heartland breach began when the attackers used an SQL injection attack against a web application to get into the company's corporate network. From there they eventually reached the payment processing environment and installed sniffer software to capture card data as it passed through in transit. The attack drove Heartland to overhaul its security program and to offer customers a new breach warranty. 
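The entry point above, as an added example that is not Heartland's code: a lookup built by string concatenation next to the parameterized version, with two payloads an attacker would try first, one that returns every row and one that reads the schema catalog to find out which other tables exist. The schema, rows and secrets are constructed sample data, and SQLite stands in for whatever database the real application used.

```python
import sqlite3
from typing import List


def build_db() -> sqlite3.Connection:
    """Constructed sample schema and rows, not Heartland's systems."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE merchants (id INTEGER PRIMARY KEY, login TEXT, api_secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO merchants (login, api_secret) VALUES (?, ?)",
        [("acme", "acme-settlement-key"), ("globex", "globex-settlement-key")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, login: str) -> List[tuple]:
    """String concatenation: whatever the caller types becomes SQL syntax.
    A web form field that reaches this function is the injection point."""
    sql = f"SELECT login, api_secret FROM merchants WHERE login = '{login}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, login: str) -> List[tuple]:
    """Fix: the query text is fixed and the value travels separately, so the
    database never parses user input as SQL. The payloads below match no row."""
    return conn.execute(
        "SELECT login, api_secret FROM merchants WHERE login = ?", (login,)
    ).fetchall()


# Tautology payload: closes the string literal, ORs in an always-true clause,
# and lets the template's own trailing quote close the last literal.
TAUTOLOGY = "x' OR '1'='1"

# UNION payload against the catalog: tells the attacker which other tables
# exist before they go looking for card data. Its column count (2) must match
# the original SELECT, which is why the vulnerable query's shape matters.
SCHEMA_DUMP = "x' UNION SELECT name, sql FROM sqlite_master WHERE type='table"


def table_names_leaked(conn: sqlite3.Connection) -> List[str]:
    """Run the catalog payload through the vulnerable lookup and return the
    table names it hands back."""
    rows = lookup_vulnerable(conn, SCHEMA_DUMP)
    return [name for name, _ in rows if name != "x"]
```

Note that Python's sqlite3 refuses to run more than one statement per `execute`, so a stacked-query payload (`'; DROP TABLE ...`) fails here; on a database driver that allows stacked statements the same concatenation bug is worse. The parameterized version needs no input filtering at all, which is the reason it is the fix rather than a deny-list of quote characters.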

JPMorgan Chase

JPMorgan Chase, a multinational financial services company, learned how important continuous protection of its assets is when a relatively simple gap led to the compromise of data on 83 million accounts in 2014. It's believed that a single overlooked server allowed hackers based in Brazil to obtain the highest level of administrative privilege and gain root access to more than 90 of the company's servers.

The breach had its roots in an upgrade of one of the bank's network servers: when two-factor authentication was rolled out, that server was missed, so a single valid password was enough to log in and move from there. Evidently, even huge, established financial organizations can fall foul of the simplest oversights.

Block

If the idea behind the rebranding of Square as Block was to boost the company's reputation, that was undone fairly swiftly: less than a year later the organization suffered a major cybersecurity incident. The breach was an example of an insider threat. A former Block employee, whose access had not been removed after they left, downloaded reports from the Cash App Investing business containing names, brokerage account numbers, and even stock trading activity for an estimated 8 million current and former customers. 

The Block incident was possible because the access the employee had legitimately held in their role was never revoked when their employment ended, so no privilege escalation was needed to pull the reports. Block announced it was investigating the incident, and insider threats of this kind are notoriously difficult to identify because every action looks like an authorized user doing their job. 
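The control that was missing above, as an added example that is not Block's code: a joiner-mover-leaver reconciliation that compares the HR roster with the identity system to find accounts that can still log in after their owner has left, plus a detection rule over the report-download audit log that flags downloads dated after the user's termination. The roster, accounts and log entries are constructed sample data.

```python
from datetime import date
from typing import Dict, List, Tuple

# Constructed sample data (not Block's systems or records).
# HR view: employment status, with a termination date once someone leaves.
HR_ROSTER = {
    "dana": {"terminated": None},
    "evan": {"terminated": date(2021, 12, 3)},
    "fay":  {"terminated": date(2021, 11, 15)},
}

# IAM view: accounts that can still authenticate, with their entitlements.
# "report-download" is the role that can pull customer reports.
IAM_ACCOUNTS = {
    "dana":    {"enabled": True,  "roles": {"analyst", "report-download"}},
    "evan":    {"enabled": True,  "roles": {"analyst", "report-download"}},
    "fay":     {"enabled": False, "roles": {"analyst"}},
    "svc-etl": {"enabled": True,  "roles": {"report-download"}},
}

# Audit log of customer report downloads.
DOWNLOAD_LOG = [
    {"user": "dana", "when": date(2021, 12, 10), "report": "customer-holdings.csv"},
    {"user": "evan", "when": date(2021, 12, 10), "report": "customer-holdings.csv"},
]


def orphaned_accounts(roster: Dict, accounts: Dict, as_of: date) -> List[Tuple[str, str]]:
    """Preventive check, run daily: enabled accounts whose owner left on or
    before as_of, or that have no HR record at all. Service accounts land in
    the second bucket and need a named owner before they are accepted."""
    findings = []
    for name, acct in sorted(accounts.items()):
        if not acct["enabled"]:
            continue
        person = roster.get(name)
        if person is None:
            findings.append((name, "no HR record"))
        elif person["terminated"] is not None and person["terminated"] <= as_of:
            findings.append((name, f"terminated {person['terminated'].isoformat()}"))
    return findings


def downloads_after_termination(roster: Dict, log: List[Dict]) -> List[Dict]:
    """Detective check: a report download by someone HR says has already
    left. This is the event a SOC should alert on, because to the application
    it looks like any other authorized download."""
    hits = []
    for entry in log:
        person = roster.get(entry["user"])
        if person is None:
            continue
        term = person["terminated"]
        if term is not None and entry["when"] > term:
            hits.append(entry)
    return hits
```

The preventive check is the one that would have closed the gap: on the day after the termination date the account shows up as orphaned and gets disabled. The detective check is the backstop for the days in between, and it only works if the HR feed and the audit log share a user identifier.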

Bank of America

Further demonstrating the problem of third-party risk, Bank of America has had more than one cybersecurity incident traced to its partners over the years. In early 2023, for instance, the bank notified nearly half a million customers of an incident traced to a breach at NCB Management Services, the same debt collection agency involved in the Capital One incident above. Then, in early 2024, it disclosed another breach, this time traced to a ransomware attack in November 2023 on Infosys McCamish, a provider of life insurance software.

In response to the latest breach, Bank of America announced it was enrolling affected customers in a two-year membership of identity theft protection services provided by Experian. The bank will be hoping that these services prove a little more secure.

Westpac Banking Corporation

Customers of Westpac Banking Corporation could be forgiven for thinking that the firm's defenses would be watertight. After all, the bank is used by a number of government agencies in its home market of Australia. But in 2022, a Federal Court judgment set out a long list of the bank's compliance failures. 

Imposing penalties of $82.92 million, the court found that the bank had failed to meet its regulatory obligations across its banking, superannuation, wealth management, and insurance divisions over several years. Those penalties concerned conduct and compliance rather than a breach, but the bank's security practices have faced questions on other fronts too: an anti-money-laundering action by AUSTRAC, and the 2019 PayID enumeration attack, in which attackers abused the payments platform's lookup feature, which confirms whether a phone number is registered and returns the account holder's name, to harvest the details of tens of thousands of customers by querying numbers in bulk.
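Enumeration attacks of the kind mentioned above, where a lookup feature answers whether an identifier exists, leave a distinctive footprint: one source querying many distinct identifiers in a short window, most of them misses. The following is an added example, not Westpac's code or log format; it parses constructed log lines for a hypothetical lookup endpoint and flags sources that exceed a distinct-identifier threshold inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Hypothetical log format for a lookup endpoint (assumed, not a real product's).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) POST /payid/lookup "
    r"payid=(?P<payid>\S+) result=(?P<result>hit|miss)$"
)


def constructed_log() -> List[str]:
    """Constructed sample log, not real data. One source walks 25 sequential
    numbers in two minutes (one of them happens to exist); another makes
    three ordinary lookups spread over two minutes."""
    base = datetime(2019, 5, 20, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(25):
        ts = (base + timedelta(seconds=5 * i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        result = "hit" if i == 7 else "miss"
        lines.append(f"{ts} 203.0.113.5 POST /payid/lookup payid=04000000{i:02d} result={result}")
    normal = [("0411223344", "hit"), ("0411223344", "hit"), ("0499887766", "miss")]
    for i, (payid, result) in enumerate(normal):
        ts = (base + timedelta(minutes=i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{ts} 198.51.100.7 POST /payid/lookup payid={payid} result={result}")
    return lines


def parse(lines: List[str]) -> List[Dict]:
    """Turn log lines into events; lines that don't match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "src": m["src"], "payid": m["payid"],
                       "hit": m["result"] == "hit"})
    return events


def find_enumerators(events: List[Dict], window: timedelta = timedelta(minutes=5),
                     threshold: int = 20) -> Dict[str, Dict]:
    """Flag a source the first time it queries >= threshold distinct identifiers
    within any window-length span. Distinct identifiers, not request count,
    is the signal: a legitimate user retries the same number, an enumerator
    never repeats one. The miss count is reported to support triage."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            distinct = {e["payid"] for e in in_window}
            if len(distinct) >= threshold:
                flagged[src] = {
                    "distinct_ids": len(distinct),
                    "misses": sum(1 for e in in_window if not e["hit"]),
                    "first_seen": start["ts"],
                }
                break
    return flagged
```

The same logic can key on an authenticated customer ID instead of a source address, which matters when the lookups come through a legitimate account on the platform rather than from an external scanner; the threshold and window then need tuning against real usage, since a business paying many suppliers will legitimately look up more identifiers than a retail customer.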

Could these breaches have been prevented?

It might not be possible to prevent every cyberattack incident, but for many of those mentioned above, there were various warning signs that could have been acted upon earlier - if security teams knew where to look. 

A common thread running through many of the incidents to have befallen the financial industry over the years is the third party: the vendor, processor, or collection agency that holds the bank's data. Vulnerability scanning and remediation need to run continuously, and across the entire digital ecosystem, not just the assets the bank operates itself. 

At Hadrian, our solutions, including third-party risk monitoring, can help financial institutions protect their data while enjoying the benefits of a rich digital ecosystem. The robust security provided by our tools, from vulnerability management to automated penetration testing, enables organizations to boost customer satisfaction by prioritizing digitalization - without neglecting cybersecurity. 

By adopting a hacker’s mindset, we understand why attackers find the financial industry so attractive - and we have the means to stop them. Find out how our solutions can plug vulnerabilities at your financial institution today.
