Financial services firms behind 60% of leaked records in 2019

When it comes to data breaches, as we've learned in the last year, financial services firms have a lot to lose.
16 December 2019

A BlackRock data leak in 2019 exposed records of 20,000 advisers. Source: Shutterstock

Due to the nature and quantity of data they store on their customers, banks are naturally high-value, if heavily-fortified targets for attackers— new data from Bitglass sheds light on just how valuable they are. 

The cloud security firm’s 2019 Financial Breach Report revealed that while just 6.5 percent of breaches were suffered by financial services firms, they were responsible for more than 60 percent of all leaked records that were exposed.

According to the report, the infamous Capital One “mega breach” which compromised more than 100 million records was a large contributor to that— it represented the third-largest data breach recorded in US history. 

But despite the outlier, average breaches in the financial services sector are still larger and more detrimental than others, albeit occurring less frequently. 

The top three breaches of financial services firms in 2019 were suffered by Capital One Financial Corporation (106 million individuals), Centerstone Insurance and Financial Services (111,589), and Nassau Educators Federal Credit Union (86,773).

Financial services firms are not breached particularly often, but breaches tend to be larger and more detrimental than those experienced by companies in other industries.

Financial services firms are not breached particularly often, but breaches tend to be larger and more detrimental than those experienced by companies in other industries. Source: Bitglass

“Given that organizations in the financial services industry are entrusted with highly valuable, personally identifiable information (PII), they represent an attractive target for cybercriminals,” said Anurag Kahol, CTO of Bitglass. 

“Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing. Financial services organizations must get a handle on data breaches and adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.”

Bitglass found that hacking and malware accounted for 74.5 percent of breaches, a slight uptick from 2018. On a smaller, but no less troubling, insider threats grew from 2.9 percent last year to 5.5 percent today. 

Meanwhile, accidental disclosures increased from 14.7 percent to 18.2 percent year on year.

Despite the average cost of a breached record rising to hit $US210 over the last few years— the largest costing behind healthcare (US$429)— many firms still aren’t taking sufficient steps in order to secure their customers’ data in the modern cloud and BYOD (‘bring your own device’) environment. 

The result is that firms often aren’t learning from their mistakes. Capital One and Discover, for example, each experienced their fourth significant data breach in 2019. American Express and SunTrust Bank, meanwhile, have each suffered five breaches since 2009.