October 8, 2024

The Biggest Financial Data Breaches in 2023

How safe is your data? This article provides an overview of the year's major data breaches, focusing on evolving cyber threats that have emerged for organisations operating in the financial sector.

2023: A year when financial data breaches broke not only records but also trust worldwide.

Read on to gain a deeper understanding of the key vulnerabilities exploited, the impacts of these breaches, and how implementing Data Loss Prevention (DLP) tools can fortify your defences against similar threats.

The Landscape of Financial Data Breaches in 2023

2023 was a challenging year for financial data security; the industry saw an average data breach cost surge to an unprecedented $4.45 million, a 2.3% increase from the previous year's figure. This uptick is not just a year-over-year anomaly; it's part of a worrying trend that has seen costs rise by 15.3% since 2020.

The financial sector, a vital pillar of our economy, was particularly hard hit, with breach costs averaging $5.90 million, making it the second most impacted sector after healthcare. The repercussions of these breaches are extensive. For businesses, it's not just about the immediate financial hit; the long-term brand damage and loss of consumer trust can undermine years of goodwill.

Consumers, on the other hand, face the anxiety and potential harm of personal data exposure, which can lead to identity theft and financial fraud. This year, companies have faced breaches that are not only more costly but have far-reaching consequences for everyone involved.

One of the most telling trends in 2023 is the heightened investment in security following a breach. Over half of the organisations surveyed are planning to increase their security budget. This shows a clear recognition of the need for tightly controlled security measures.

Additionally, the role of Security AI and automation has become prominent, with organisations that adopted these technologies reporting $1.76 million less in breach costs than those that did not. This highlights a pattern where proactive investment in advanced security technologies is a cost-saving measure over time.

Top Five Financial Data Breaches of 2023

#1 - T-Mobile US Data Breach

Overview of the Breach

In 2023, T-Mobile US was hit by a data breach that affected 37 million customers. This breach, discovered on January 5, had begun around November 25, 2022, and involved exposing personal customer information. The compromised data types included names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and details about service plans.

Although financial data was not directly accessed, the breadth of personal information obtained was substantial and worrying. This incident was reported by various news outlets, including a detailed article on Reuters, which highlighted the scale and seriousness of the breach.

Analysis of How the Breach Occurred

The breach was executed through an API that T-Mobile used for customer support. The "bad actor" behind the breach exploited a security flaw within this API, which allowed them to extract customer data en masse. The malicious activity was not immediately detected, allowing the perpetrator to access the data for over a month. As CNET reported, T-Mobile's systems were not compromised, indicating that the breach was a targeted attack on the API's security.

Consequences for the Company and Its Customers

The discovery of the breach led to a recognition of the personal data vulnerability of millions of T-Mobile customers. Although no financial data was exposed, the incident laid the groundwork for possible phishing operations, as personal details are often used in such schemes. The event, as reported by TechTarget, raised concerns about the frequency of security incidents at T-Mobile and the implications for customer trust and future regulatory scrutiny.

#2 - Capital One

Overview of the Breach

Capital One's security was breached in 2023 due to a vulnerability within the systems of NCB Management Services, a partner firm. This breach, which began on February 1 and was uncovered on February 4, exposed sensitive financial data of around 16,779 customers. The leaked information was extensive, including Social Security numbers, account and credit card numbers, security codes, and PINs. Coverage by The Record highlighted the severity of the breach, given the type of information that was accessed.

Analysis of How the Breach Occurred

Attackers exploited a security weakness in NCB Management Services, which went undetected for several days. This lapse allowed the attackers to gather personal and financial information. The details on the nature of the vulnerability are sparse, but the incident indicates the risks associated with third-party service providers. Insights from IDStrong pointed out the necessity for financial institutions to continuously monitor their third-party vendors’ security postures.

Consequences for the Company and Its Customers

The breach affected tens of thousands of Capital One customers, putting them at risk of identity theft and financial fraud. The data obtained could be sold or used in targeted phishing attacks. Following the breach, Capital One and NCB Management Services took measures to mitigate the damage, as described in JD Supra’s report, including offering credit monitoring services to the affected customers. The breach had significant repercussions for the individuals whose data were compromised and Capital One's operational security and customer relations.

#3 - Bank of America Vendor Data Breach

Overview of the Breach

In early 2023, a breach at NCB Management Services, a debt collection agency, affected Bank of America's customers. This security incident exposed the personal and financial data of nearly 495,000 individuals. The breach, detected on February 4, compromised a wide range of customer data, from Social Security numbers to credit card information. The situation was first reported by IDStrong, highlighting the extensive nature of the data involved.

How the Breach Occurred

External hackers infiltrated NCB Management Services' systems, targeting data related to Bank of America customers. This attack underscores the exposure financial institutions face through their third-party vendors. According to reports from SecurityWeek, the unauthorised access was a clear exploitation of security weaknesses within the debt collection company’s infrastructure.

Consequences for the Company and Its Customers

The breach had serious repercussions, putting affected customers at significant risk of identity theft and financial fraud. As detailed by Top Class Actions, personal and financial information, including credit card details and Social Security numbers, could be utilised in fraudulent activities. NCB Management Services responded by terminating the unauthorised access and offering identity theft prevention services to those impacted.

#4 - Voya Financial Advisors

Overview of the Breach

Voya Financial Advisors suffered a data breach after an unauthorised third party accessed an employee's email account on February 9, 2023. The breach, discovered and contained on the same day, led to the potential exposure of personal data belonging to approximately 11,734 accounts. The incident was made public through legal advisories and news reports, including coverage on My Injury Attorney, indicating the gravity of the security lapse.

How the Breach Occurred

This breach resulted from a compromised email account belonging to a Voya employee. The “malicious actor” behind this unauthorised access exploited vulnerabilities in email security to gain access to sensitive customer information. This attack is a stark reminder of the potential risks associated with email communications and the need for strong cybersecurity measures, as discussed on JD Supra.

Consequences for the Company and Its Customers

The leaked consumer data, which included names, addresses, and Social Security numbers, could lead to increased risks of identity theft and financial fraud for the individuals affected. Voya Financial Advisors took immediate action by notifying the impacted customers and offering legal assistance, as mentioned in the investigation update by Turke & Strauss. The breach has raised concerns about data security practices and the potential aftermath for those whose information was compromised.

#5 - Retirement Clearinghouse

Overview of the Breach

Retirement Clearinghouse, an organisation specialising in retirement account consolidation services, reported a data breach that affected approximately 10,500 individuals. The breach, identified in March 2023, resulted from a phishing attack on an employee's email account, leading to potential unauthorised access to personal data files. This incident was reported by multiple sources, including PlanSponsor, which detailed the nature and extent of the exposure.

How the Breach Occurred

A phishing scheme was the vector of attack for the breach at Retirement Clearinghouse. Phishing, a method where attackers masquerade as trustworthy entities to acquire sensitive information via email, enabled the attackers to compromise files containing personal data. The incident highlights the ever-present threat of socially engineered cyber-attacks and the importance of continuous vigilance against such tactics.

Consequences for the Company and Its Customers

Following the breach, Retirement Clearinghouse swiftly notified the affected individuals that their Social Security numbers and IRA account information may have been accessed. According to reports from InvestmentNews, the company offered complimentary identity protection services and guidance on securing their information. While the breach had a limited scope and did not impact client assets or the network for reuniting small 401(k) balances, it was a critical reminder of the potential risks of handling personal financial data.

Common Vulnerabilities and Attack Vectors

The financial data breaches of 2023 have shed light on the persistent and evolving threats that financial institutions and their affiliates face in an age where data is at the heart of every business. These incidents have highlighted specific security lapses and underscored the broader vulnerabilities within the sector's cybersecurity practices. From exposed APIs to phishing schemes, the methods used by cybercriminals have varied, yet they share commonalities in exploiting security weaknesses:

  • API Security: Inadequate security measures for APIs were exploited, allowing unauthorised access to sensitive data.
  • Phishing Attacks: Cybercriminals used deceptive emails to access employee accounts and sensitive information.
  • Third-Party Risk: Hackers targeted vulnerabilities in the systems of third-party vendors that had access to financial institutions' customer data.
  • Email Account Compromise: Employee email accounts were breached, often due to poor password practices or lack of multi-factor authentication.
  • Insufficient Monitoring: Delays in detecting unauthorised access allowed hackers to extract sensitive data over extended periods.

In facing these challenges, it is imperative that the financial sector recognises the patterns and strengthens its defence mechanisms. Proactive measures must include stringent API security protocols, comprehensive third-party risk assessments, enhanced employee training against phishing, and the implementation of advanced monitoring systems to detect and respond to suspicious activities promptly.
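To make the monitoring point concrete, here is an added example (not code from any of the organisations discussed) of a check for the API pattern described in the T-Mobile case: one API client reading far more distinct customer records per hour than its peers, hour after hour. The log format, the `/customers/<id>` path, the client names and the thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def parse_line(line):
    """Parse '<ISO time> <client> <method> <path> <status>' (assumed log format).

    Returns (time, client, record_id) for a successful read of one customer
    record, or None for anything else (denied requests, other paths, junk).
    """
    fields = line.split()
    if len(fields) != 5:
        return None
    ts, client, method, path, status = fields
    parts = path.strip("/").split("/")
    if method != "GET" or status != "200" or len(parts) != 2 or parts[0] != "customers":
        return None
    try:
        return datetime.fromisoformat(ts), client, parts[1]
    except ValueError:
        return None


def records_per_hour(lines):
    """Map client -> {hour_start: set of distinct customer ids read in that hour}."""
    usage = defaultdict(lambda: defaultdict(set))
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, client, record_id = parsed
            hour = ts.replace(minute=0, second=0, microsecond=0)
            usage[client][hour].add(record_id)
    return usage


def find_bulk_readers(lines, factor=10, floor=50):
    """Flag clients whose hourly distinct-record count exceeds the peer baseline.

    The baseline is the median of each client's own typical (median) hour, so a
    single noisy client cannot drag it upwards. `factor` and `floor` are
    illustrative values that would be tuned against real traffic.
    """
    usage = records_per_hour(lines)
    if not usage:
        return {}
    typical = {c: median(len(ids) for ids in hours.values()) for c, hours in usage.items()}
    threshold = max(floor, factor * median(typical.values()))
    alerts = {}
    for client, hours in usage.items():
        hot = sorted(h for h, ids in hours.items() if len(ids) > threshold)
        if hot:
            alerts[client] = {
                "hours_over_threshold": len(hot),   # how long the pattern persisted
                "first_seen": hot[0],
                "last_seen": hot[-1],
                "distinct_records": len(set().union(*(hours[h] for h in hot))),
                "threshold": threshold,
            }
    return alerts


def constructed_sample():
    """Constructed log lines: five support clients and one bulk reader."""
    base = datetime(2023, 1, 2, 9, 0, 0)
    lines = [f"{base.isoformat()} support-0 GET /customers/9999 403"]  # denied, ignored
    for hour in range(4):
        for c in range(5):
            for i in range(4 + c):  # each support client reads 4 to 8 records an hour
                ts = base + timedelta(hours=hour, minutes=i * 5)
                lines.append(f"{ts.isoformat()} support-{c} GET /customers/{1000 + c * 10 + i} 200")
        for i in range(400):  # sequential walk through customer ids
            ts = base + timedelta(hours=hour, seconds=i * 9)
            lines.append(f"{ts.isoformat()} integration-x GET /customers/{50000 + hour * 400 + i} 200")
    return lines


if __name__ == "__main__":
    for client, detail in find_bulk_readers(constructed_sample()).items():
        print(client, detail)
```

Counting distinct records rather than raw requests keeps a client that repeatedly polls the same few accounts from being flagged, while a slow but steady enumeration still accumulates hours over the threshold.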

📝Report: The State of Data Security in Financial Services

In our 2024 ‘The State of Data Security in Financial Services’ report, we dissect our own proprietary data to understand how financial services companies are navigating data security. You'll find:

  • The pivotal data types that hold significance for Financial Service Companies
  • A comprehensive understanding of the risks posed by stale data and effective management strategies
  • Compelling reasons why financial institutions should prioritise attention to access controls

Download our Report: The State of Data Security in Financial Services

DLP's Role in Preventing Financial Data Breaches

Data Loss Prevention can be a digital shield for financial institutions to protect sensitive information like Social Security numbers and bank account details. It identifies and safeguards key financial data smartly, adapting to each organisation's security requirements.

In implementing DLP within financial institutions, it's best to opt for a solution that can seamlessly integrate with the existing SaaS apps teams use daily. The DLP tool should provide a holistic and real-time view of sensitive data across the entire digital ecosystem, helping to triage risks quickly with an AI-powered scoring system and enabling detailed analyses at the employee and department levels.

This level of insight, coupled with the power to automate remediation and engage employees as a human firewall, significantly enhances an organisation's ability to prevent data breaches and ensures a proactive stance in data security management.
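As an added illustration of the content-inspection step a DLP tool performs (this is not the code of any product mentioned on this page), the sketch below finds US Social Security numbers and payment card numbers in text, validates candidates to cut false positives, and rolls findings up per owner. The document owners, sample text and function names are constructed for the example.

```python
import re
from collections import Counter

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def valid_ssn(area, group, serial):
    """Reject number ranges that are never issued as SSNs."""
    if area in ("000", "666") or area[0] == "9":
        return False
    return group != "00" and serial != "0000"


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text):
    """Return findings sorted by offset; values are masked to the last four digits
    so that the scanner's own output does not become a second copy of the data."""
    findings = []
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            findings.append({"kind": "ssn", "offset": m.start(),
                             "masked": "***-**-" + m.group(3)})
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append({"kind": "card", "offset": m.start(),
                             "masked": "*" * (len(digits) - 4) + digits[-4:]})
    return sorted(findings, key=lambda f: f["offset"])


def exposure_by_owner(documents):
    """documents: iterable of (owner, text). Returns owner -> Counter of finding kinds."""
    summary = {}
    for owner, text in documents:
        kinds = Counter(f["kind"] for f in scan(text))
        if kinds:
            summary.setdefault(owner, Counter()).update(kinds)
    return summary


# Constructed sample content; the card number is a well-known test value.
SAMPLE = (
    "Customer note: SSN 123-45-6789, card 4111 1111 1111 1111 on file.\n"
    "Order ref 1234 5678 9012 3456 and ticket 000-12-3456 are not sensitive.\n"
    "Legacy id 912-34-5678."
)
SAMPLE_DOCS = [
    ("collections-team", SAMPLE),
    ("collections-team", "Callback for 123-45-6789 scheduled."),
    ("marketing", "Campaign code 1234 5678 9012 3456."),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(exposure_by_owner(SAMPLE_DOCS))
```

The order reference and the two invalid SSN-shaped strings are deliberately in the sample: pattern matching alone would flag all of them, and the validation step is what keeps the alert volume manageable.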

Conclusion

Reflecting on 2023, the financial sector faced key challenges like weak API security and sophisticated phishing attacks, underscoring the importance of Data Loss Prevention. This review highlights the urgent need for comprehensive security strategies, including DLP, to safeguard financial data.

To learn how Memtomic can help protect your financial organisation from data breaches, book a demo with us today.

2023: A year when financial data breaches not only broke records but trust worldwide.

Read on to gain a deeper understanding of the key vulnerabilities exploited, the impacts of these breaches, and how implementing Data Loss Prevention (DLP) tools can fortify your defences against similar threats.

The Landscape of Financial Data Breaches in 2023

2023 was a challenging year for financial data security; the industry saw an average data breach cost surge to an unprecedented $4.45 million, a 2.3% increase from the previous year's figure. This uptick is not just a year-over-year anomaly; it's part of a worrying trend that has seen costs rise by 15.3% since 2020.

The financial sector, a vital pillar of our economy, was particularly hard hit, with breach costs averaging $5.90 million, making it the second most impacted sector after healthcare. The repercussions of these breaches are extensive. For businesses, it's not just about the immediate financial hit; the long-term brand damage and loss of consumer trust can undermine years of goodwill.

Consumers, on the other hand, face the anxiety and potential harm of personal data exposure, which can lead to identity theft and financial fraud. This year, companies have faced breaches that are not only more costly but have far-reaching consequences for everyone involved.

One of the most telling trends in 2023 is the heightened investment in security following a breach. Over half of the organisations surveyed are planning to increase their security budget. This shows a clear recognition of the need for tightly controlled security measures.

Additionally, the role of Security AI and automation has become prominent, with organisations that adopted these technologies reporting $1.76 million less in breach costs than those that did not. This highlights a pattern where proactive investment in advanced security technologies is a cost-saving measure over time.

Top Five Financial Data Breaches of 2023

#1. T-Mobile US Data Breach

Overview of the Breach

In 2023, T-Mobile US was hit by a data breach that affected 37 million customers. This breach, discovered on January 5, had begun around November 25, 2022, and involved exposing personal customer information. The compromised data types included names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and details about service plans.

Although financial data was not directly accessed, the breadth of personal information obtained was substantial and worrying. This incident was reported by various news outlets, including a detailed article on Reuters, which highlighted the scale and seriousness of the breach.

Analysis of How the Breach Occurred

The breach was executed through an API that T-Mobile used for customer support. The "bad actor" behind the breach exploited a security flaw within this API, which allowed them to extract customer data en masse. The malicious activity was not immediately detected, allowing the perpetrator to access the data for over a month. As CNET reported, T-Mobile's systems were not compromised, indicating that the breach was a targeted attack on the API's security.

Consequences for the Company and Its Customers

The discovery of the breach led to a recognition of the personal data vulnerability of millions of T-Mobile customers. Although no financial data was exposed, the incident laid the groundwork for possible phishing operations, as personal details are often used in such schemes. The event, as reported by TechTarget, raised concerns about the frequency of security incidents at T-Mobile and the implications for customer trust and future regulatory scrutiny.

#2 - Capital One

Overview of the Breach

Capital One's security was breached in 2023 due to a vulnerability within the systems of NCB Management Services, a partner firm. This breach, which began on February 1 and was uncovered on February 4, exposed sensitive financial data of around 16,779 customers. The leaked information was extensive, including Social Security numbers, account and credit card numbers, security codes, and PINs. Coverage by The Record highlighted the severity of the breach, given the type of information that was accessed.

Analysis of How the Breach Occurred

Attackers exploited a security weakness in NCB Management Services, which went undetected for several days. This lapse allowed the attackers to gather personal and financial information. The details on the nature of the vulnerability are sparse, but the incident indicates the risks associated with third-party service providers. Insights from IDStrong pointed out the necessity for financial institutions to continuously monitor their third-party vendors’ security postures.

Consequences for the Company and Its Customers

The breach affected tens of thousands of Capital One customers, putting them at risk of identity theft and financial fraud. The data obtained could be sold or used in targeted phishing attacks. Following the breach, Capital One and NCB Management Services took measures to mitigate the damage, as described in JD Supra’s report, including offering credit monitoring services to the affected customers. The breach had significant repercussions for the individuals whose data were compromised and Capital One's operational security and customer relations.

#3 - Bank of America Vendor Data Breach

Overview of the Breach

In early 2023, a breach at NCB Management Services, a debt collection agency, affected Bank of America's customers. This security incident exposed the personal and financial data of nearly 495,000 individuals. The breach, detected on February 4, compromised plenty of customer data, from Social Security numbers to credit card information. The situation was first reported by IDStrong, highlighting the extensive nature of the data involved.

How the Breach Occurred

External hackers infiltrated NCB Management Services' systems, targeting data related to Bank of America customers. This attack underscores the vulnerability of financial institutions associated with third-party vendors. According to reports from SecurityWeek, the unauthorised access was a clear exploitation of security weaknesses within the debt collection company’s infrastructure.

Consequences for the Company and Its Customers

The breach had serious repercussions, putting affected customers at significant risk of identity theft and financial fraud. As detailed by Top Class Actions, personal and financial information, including credit card details and Social Security numbers, could be utilised in fraudulent activities. NCB Management Services responded by terminating the unauthorised access and offering identity theft prevention services to those impacted.

#4 - Voya Financial Advisors

Overview of the Breach

Voya Financial Advisors suffered a data breach after an unauthorised third party accessed an employee's email account on February 9, 2023. The breach, discovered and contained on the same day, led to the potential exposure of personal data belonging to approximately 11,734 accounts. The incident was made public through legal advisories and news reports, including coverage on My Injury Attorney, indicating the gravity of the security lapse.

How the Breach Occurred

This breach resulted from a compromised email account belonging to a Voya employee. The “malicious actor” behind this unauthorised access exploited vulnerabilities in email security to gain access to sensitive customer information. This attack is a stark reminder of the potential risks associated with email communications and the need for strong cybersecurity measures, as discussed on JD Supra.

Consequences for the Company and Its Customers

The leaked consumer data, which included names, addresses, and Social Security numbers, could lead to increased risks of identity theft and financial fraud for the individuals affected. Voya Financial Advisors took immediate action by notifying the impacted customers and offering legal assistance, as mentioned in the investigation update by Turke & Strauss. The breach has raised concerns about data security practices and the potential aftermath for those whose information was compromised.

#5 - Retirement Clearinghouse

Overview of the Breach

Retirement Clearinghouse, an organisation specialising in retirement account consolidation services, reported a data breach that affected approximately 10,500 individuals. The breach, identified in March 2023, resulted from a phishing attack on an employee's email account, leading to potential unauthorised access to personal data files. This incident was reported by multiple sources, including PlanSponsor, which detailed the nature and extent of the exposure.

How the Breach Occurred

A phishing scheme was the vector of attack for the breach at Retirement Clearinghouse. Phishing, a method where attackers masquerade as trustworthy entities to acquire sensitive information via email, enables the attackers to compromise files containing personal data. The incident highlights the ever-present threat of socially engineered cyber-attacks and the importance of continuous vigilance against such tactics.

Consequences for the Company and Its Customers

Following the breach, Retirement Clearinghouse swiftly notified the affected individuals that their Social Security numbers and IRA account information may have been accessed. According to reports from InvestmentNews, the company offered complimentary identity protection services and guidance on securing their information. While the breach had a limited scope and did not impact client assets or the network for reuniting small 401(k) balances, it was a critical reminder of the potential risks of handling personal financial data.

Common Vulnerabilities and Attack Vectors

The financial data breaches of 2023 have shed light on the persistent and evolving threats that financial institutions and their affiliates face in an age where data is at the heart of every business. These incidents have highlighted specific security lapses and underscored the broader vulnerabilities within the sector's cybersecurity practices. From exposed APIs to phishing schemes, the methods used by cybercriminals have varied, yet they share commonalities in exploiting security weaknesses:

  • API Security: Inadequate security measures for APIs were exploited, allowing unauthorised access to sensitive data.
  • Phishing Attacks: Cybercriminals use deceptive emails to access employee accounts and sensitive information.
  • Third-Party Risk: Hackers targeted vulnerabilities in third-party vendors' systems with access to financial institutions' customer data.
  • Email Account Compromise: Employee email accounts were breached, often due to poor password practices or lack of multi-factor authentication.
  • Insufficient Monitoring: Delays detecting unauthorised access allowed hackers to extract sensitive data over extended periods.

In facing these challenges, it is imperative that the financial sector recognises the patterns and strengthens its defence mechanisms. Proactive measures must include stringent API security protocols, comprehensive third-party risk assessments, enhanced employee training against phishing, and the implementation of advanced monitoring systems to detect and respond to suspicious activities promptly.

📝Report: The State of Data Security in Financial Services

In our 2024 ‘The State of Data Security in Financial Services’ report, we dissect our own proprietary data to understand how financial services companies are navigating data security. You'll find:

  • The pivotal data types that hold significance for Financial Service Companies
  • A comprehensive understanding of the risks posed by stale data and effective management strategies
  • Compelling reasons why financial institutions should prioritise attention to access controls
Download our Report: The State of Data Security in Financial Services

DLP's Role in Preventing Financial Data Breaches

Data Loss Prevention can be a digital shield for financial institutions to protect sensitive information like Social Security numbers and bank account details. It identifies and safeguards key financial data smartly, adapting to each organisation's security requirements.

In implementing DLP within financial institutions, it's best to opt for a solution that can seamlessly integrate with the existing SaaS apps teams use daily. The DLP tool should provide a holistic and real-time view of sensitive data across the entire digital ecosystem, helping to triage risks quickly with an AI-powered scoring system and enabling detailed analyses at the employee and department levels.

This level of insight, coupled with the power to automate remediation and engage employees as a human firewall, significantly enhances an organisation's ability to prevent data breaches and ensures a proactive stance in data security management.

Conclusion

Reflecting on 2023, the financial sector faced key challenges like weak API security and sophisticated phishing attacks, underscoring the importance of Data Loss Prevention. This review highlights the urgent need for comprehensive security strategies, including DLP, to safeguard financial data.

To learn how Memtomic can help prevent your financial organisation from data breaches, book a demo with us today.

2023: A year when financial data breaches not only broke records but trust worldwide.

Read on to gain a deeper understanding of the key vulnerabilities exploited, the impacts of these breaches, and how implementing Data Loss Prevention (DLP) tools can fortify your defences against similar threats.

The Landscape of Financial Data Breaches in 2023

2023 was a challenging year for financial data security; the industry saw an average data breach cost surge to an unprecedented $4.45 million, a 2.3% increase from the previous year's figure. This uptick is not just a year-over-year anomaly; it's part of a worrying trend that has seen costs rise by 15.3% since 2020.

The financial sector, a vital pillar of our economy, was particularly hard hit, with breach costs averaging $5.90 million, making it the second most impacted sector after healthcare. The repercussions of these breaches are extensive. For businesses, it's not just about the immediate financial hit; the long-term brand damage and loss of consumer trust can undermine years of goodwill.

Consumers, on the other hand, face the anxiety and potential harm of personal data exposure, which can lead to identity theft and financial fraud. This year, companies have faced breaches that are not only more costly but have far-reaching consequences for everyone involved.

One of the most telling trends in 2023 is the heightened investment in security following a breach. Over half of the organisations surveyed are planning to increase their security budget. This shows a clear recognition of the need for tightly controlled security measures.

Additionally, the role of Security AI and automation has become prominent, with organisations that adopted these technologies reporting $1.76 million less in breach costs than those that did not. This highlights a pattern where proactive investment in advanced security technologies is a cost-saving measure over time.

Top Five Financial Data Breaches of 2023

#1. T-Mobile US Data Breach

Overview of the Breach

In 2023, T-Mobile US was hit by a data breach that affected 37 million customers. This breach, discovered on January 5, had begun around November 25, 2022, and involved exposing personal customer information. The compromised data types included names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and details about service plans.

Although financial data was not directly accessed, the breadth of personal information obtained was substantial and worrying. This incident was reported by various news outlets, including a detailed article on Reuters, which highlighted the scale and seriousness of the breach.

Analysis of How the Breach Occurred

The breach was executed through an API that T-Mobile used for customer support. The "bad actor" behind the breach exploited a security flaw within this API, which allowed them to extract customer data en masse. The malicious activity was not immediately detected, allowing the perpetrator to access the data for over a month. As CNET reported, T-Mobile's systems were not compromised, indicating that the breach was a targeted attack on the API's security.

Consequences for the Company and Its Customers

The discovery of the breach led to a recognition of the personal data vulnerability of millions of T-Mobile customers. Although no financial data was exposed, the incident laid the groundwork for possible phishing operations, as personal details are often used in such schemes. The event, as reported by TechTarget, raised concerns about the frequency of security incidents at T-Mobile and the implications for customer trust and future regulatory scrutiny.

#2 - Capital One

Overview of the Breach

Capital One's security was breached in 2023 due to a vulnerability within the systems of NCB Management Services, a partner firm. This breach, which began on February 1 and was uncovered on February 4, exposed sensitive financial data of around 16,779 customers. The leaked information was extensive, including Social Security numbers, account and credit card numbers, security codes, and PINs. Coverage by The Record highlighted the severity of the breach, given the type of information that was accessed.

Analysis of How the Breach Occurred

Attackers exploited a security weakness in NCB Management Services, which went undetected for several days. This lapse allowed the attackers to gather personal and financial information. The details on the nature of the vulnerability are sparse, but the incident indicates the risks associated with third-party service providers. Insights from IDStrong pointed out the necessity for financial institutions to continuously monitor their third-party vendors’ security postures.

Consequences for the Company and Its Customers

The breach affected tens of thousands of Capital One customers, putting them at risk of identity theft and financial fraud. The data obtained could be sold or used in targeted phishing attacks. Following the breach, Capital One and NCB Management Services took measures to mitigate the damage, as described in JD Supra’s report, including offering credit monitoring services to the affected customers. The breach had significant repercussions for the individuals whose data were compromised and Capital One's operational security and customer relations.

#3 - Bank of America Vendor Data Breach

Overview of the Breach

In early 2023, a breach at NCB Management Services, a debt collection agency, affected Bank of America's customers. This security incident exposed the personal and financial data of nearly 495,000 individuals. The breach, detected on February 4, compromised a wide range of customer data, from Social Security numbers to credit card information. The situation was first reported by IDStrong, highlighting the extensive nature of the data involved.

How the Breach Occurred

External hackers infiltrated NCB Management Services' systems, targeting data related to Bank of America customers. This attack underscores how exposed financial institutions are through their third-party vendors. According to reports from SecurityWeek, the unauthorised access was a clear exploitation of security weaknesses within the debt collection company’s infrastructure.

Consequences for the Company and Its Customers

The breach had serious repercussions, putting affected customers at significant risk of identity theft and financial fraud. As detailed by Top Class Actions, personal and financial information, including credit card details and Social Security numbers, could be utilised in fraudulent activities. NCB Management Services responded by terminating the unauthorised access and offering identity theft prevention services to those impacted.

#4 - Voya Financial Advisors

Overview of the Breach

Voya Financial Advisors suffered a data breach after an unauthorised third party accessed an employee's email account on February 9, 2023. The breach, discovered and contained on the same day, led to the potential exposure of personal data belonging to approximately 11,734 accounts. The incident was made public through legal advisories and news reports, including coverage on My Injury Attorney, indicating the gravity of the security lapse.

How the Breach Occurred

This breach resulted from a compromised email account belonging to a Voya employee. The “malicious actor” behind this unauthorised access exploited vulnerabilities in email security to gain access to sensitive customer information. This attack is a stark reminder of the potential risks associated with email communications and the need for strong cybersecurity measures, as discussed on JD Supra.

Consequences for the Company and Its Customers

The leaked consumer data, which included names, addresses, and Social Security numbers, could lead to increased risks of identity theft and financial fraud for the individuals affected. Voya Financial Advisors took immediate action by notifying the impacted customers and offering legal assistance, as mentioned in the investigation update by Turke & Strauss. The breach has raised concerns about data security practices and the potential aftermath for those whose information was compromised.

#5 - Retirement Clearinghouse

Overview of the Breach

Retirement Clearinghouse, an organisation specialising in retirement account consolidation services, reported a data breach that affected approximately 10,500 individuals. The breach, identified in March 2023, resulted from a phishing attack on an employee's email account, leading to potential unauthorised access to personal data files. This incident was reported by multiple sources, including PlanSponsor, which detailed the nature and extent of the exposure.

How the Breach Occurred

A phishing scheme was the vector of attack for the breach at Retirement Clearinghouse. Phishing, a method where attackers masquerade as trustworthy entities to acquire sensitive information via email, enabled the attackers to compromise files containing personal data. The incident highlights the ever-present threat of socially engineered cyber-attacks and the importance of continuous vigilance against such tactics.

Consequences for the Company and Its Customers

Following the breach, Retirement Clearinghouse swiftly notified the affected individuals that their Social Security numbers and IRA account information may have been accessed. According to reports from InvestmentNews, the company offered complimentary identity protection services and guidance on securing their information. While the breach had a limited scope and did not impact client assets or the network for reuniting small 401(k) balances, it was a critical reminder of the potential risks of handling personal financial data.

Common Vulnerabilities and Attack Vectors

The financial data breaches of 2023 have shed light on the persistent and evolving threats that financial institutions and their affiliates face in an age where data is at the heart of every business. These incidents have highlighted specific security lapses and underscored the broader vulnerabilities within the sector's cybersecurity practices. From exposed APIs to phishing schemes, the methods used by cybercriminals have varied, yet they share commonalities in exploiting security weaknesses:

  • API Security: Inadequate security measures for APIs were exploited, allowing unauthorised access to sensitive data.
  • Phishing Attacks: Cybercriminals used deceptive emails to access employee accounts and sensitive information.
  • Third-Party Risk: Hackers targeted vulnerabilities in the systems of third-party vendors that had access to financial institutions' customer data.
  • Email Account Compromise: Employee email accounts were breached, often due to poor password practices or lack of multi-factor authentication.
  • Insufficient Monitoring: Delays in detecting unauthorised access allowed hackers to extract sensitive data over extended periods.

In facing these challenges, it is imperative that the financial sector recognises the patterns and strengthens its defence mechanisms. Proactive measures must include stringent API security protocols, comprehensive third-party risk assessments, enhanced employee training against phishing, and the implementation of advanced monitoring systems to detect and respond to suspicious activities promptly.

📝Report: The State of Data Security in Financial Services

In our 2024 ‘The State of Data Security in Financial Services’ report, we dissect our own proprietary data to understand how financial services companies are navigating data security. You'll find:

  • The pivotal data types that hold significance for Financial Service Companies
  • A comprehensive understanding of the risks posed by stale data and effective management strategies
  • Compelling reasons why financial institutions should prioritise attention to access controls

DLP's Role in Preventing Financial Data Breaches

Data Loss Prevention can be a digital shield for financial institutions to protect sensitive information like Social Security numbers and bank account details. It identifies and safeguards key financial data smartly, adapting to each organisation's security requirements.

In implementing DLP within financial institutions, it's best to opt for a solution that can seamlessly integrate with the existing SaaS apps teams use daily. The DLP tool should provide a holistic and real-time view of sensitive data across the entire digital ecosystem, helping to triage risks quickly with an AI-powered scoring system and enabling detailed analyses at the employee and department levels.

This level of insight, coupled with the power to automate remediation and engage employees as a human firewall, significantly enhances an organisation's ability to prevent data breaches and ensures a proactive stance in data security management.

Conclusion

Reflecting on 2023, the financial sector faced key challenges like weak API security and sophisticated phishing attacks, underscoring the importance of Data Loss Prevention. This review highlights the urgent need for comprehensive security strategies, including DLP, to safeguard financial data.

To learn how Memtomic can help prevent your financial organisation from data breaches, book a demo with us today.