When cloud security provider Bitglass examined the state of financial services cybersecurity in 2018, it was shocked to see that data breaches of financial institutions had nearly tripled since its 2016 report.
Its 2018 Financial Breach Report recorded nearly three times as many breaches as two years earlier, largely due to the explosive growth of hacking and malware around the world.
Key financial institution breach findings
The report contains an overview of serious financial institution breaches in the first eight months of 2018 including:
- 103 breaches compared to 37 in 2016
- hacking and malware responsible for nearly 75% of all breaches in 2018 compared to 20% in 2016
- three largest 2018 breaches exposed 1.75 million customer records, more than the entire total in 2016
- growing threats to financial institutions include cloud cryptojacking, ransomware-as-a-service platforms, modular banking trojans like Emotet and ransomware like WannaCry.
Causes of 2018 Breaches
Data breaches occurred in four primary categories: hacking and malware (73.5%), accidental disclosures (14.5%), physical breaches (8.8%), and insider threats (2.9%).
Another recent Bitglass report – Malware, P.I.: Tracking Cloud Infections – found that malware infected nearly 50% of financial institutions. A further 44% of organizations have malware in at least one of their cloud applications.
Google Drive, Microsoft SharePoint, and 93% of antivirus engines were unable to detect the zero-day ransomware ShurL0ckr, the company said.
The large incidence of hacking and malware breaches points to the clear need for financial institutions to upgrade their data security.
Largest 2018 data breaches
As highlighted in the report, data breaches of financial institutions are growing quickly and impacting record numbers of customers as hackers grow more capable and cybercrime tools more sophisticated.
In 2016, the number of breached records was only 64,512.
The three largest breaches in the first eight months of 2018 were SunTrust Banks (1.5M records exposed), Guaranteed Rate (188K), and RBC Royal Bank (66K).
The other seven rounding out the largest 10 data breaches included: Member First Mortgage (36.8K), Bezop (25K), Sonabank (24.9K), Flexible Benefit Service Corp (19.4K), Access Group – Nelnet (16.5K), Centris Federal Credit Union (12K), and Funding Circle USA, Inc/Dun & Bradstreet (10.8K).
In the SunTrust Banks incident, a former employee stole (and possibly shared) 1.5 million customers’ names, addresses, phone numbers, and account balances.
Guaranteed Rate employees fell prey to a phishing attack, resulting in the exposure of more than 187,000 names and Social Security numbers either viewed or stolen.
66,000 users of RBC’s travel rewards website had their payment card information exposed by an unauthorized third party accessing the bank’s Travelocity platform.
Data breach implications
“Financial organizations regularly handle sensitive, regulated data like home addresses, bank statements, and Social Security numbers,” said Rich Campagna, CMO of Bitglass. “This type of information is an incredibly attractive target for criminals, meaning financial services firms need to be highly vigilant when it comes to cybersecurity. Failing to protect data and reach regulatory compliance can spell disaster for any company.”
Clearly, financial institutions need to review, monitor and install the latest cybersecurity programs more rigorously and completely in order to protect customers and their business.
At $100,000 or more in potential fines or penalties for each data record breached, the potential cost of data breaches is simply too disastrous to take for granted.