If the data held by a financial organization is breached, for cyber criminals it is like hitting a jackpot! The financial sector is one of the top targets for cyber criminals. Over the past few years, banks and financial organizations have been subjected to a barrage of cyberattacks.
There are varied accounts, and different research, pointing at vulnerabilities related to the leaking of financial data. For organizations, it is important to learn from these thefts and undertake corrective measures.
We have put together a few cases to learn from. Here are the top breaches reported in the financial sector:
- JPMorgan Chase
Learning: The cost of fixing a theft is enormous; better to set an annual budget.
Case:
With the accounts of 76 million households and seven million small businesses affected, JPMorgan Chase faced one of the biggest bank breaches in history. The breach was discovered by the bank’s IT Security team in late July 2014; hackers had gained access to the bank’s data by reaching more than 90 servers. While it impacted the bank’s brand and reputation, JPMorgan planned to invest $250 million in digital security annually.
- Citigroup
Learning: Turning a blind eye to data theft will lead to multiple, bigger attacks.
Case:
Citi was attacked in 2011, 2009 and 2006. In April 2011, personal information of consumers was exposed. It turned out that about 360,000 customer accounts were compromised. The group distanced itself from the responsibility of safeguarding data by blaming the theft on faulty software. Experts believe that the bank should have been proactive with IT Security measures after a series of thefts were reported.
- Heartland Payment Systems
Learning: Cyber security is a collective responsibility – it’s time to band together against cyber-criminals.
Case:
A breach was discovered in January 2009 after Visa and MasterCard notified Heartland Payment Systems of suspicious transactions from accounts it processed. Heartland Payment Systems took a responsible approach and paid out over $145 million in compensation for fraudulent payments. Rather than sticking its head in the sand or redirecting blame, Heartland went public with the information to encourage companies to band together against cyber-criminals. The theft also showed that data security is a collective responsibility: Visa and MasterCard had to make some improvements to card technology and user authentication.
- TotalBank
Learning: Investigation should not delay rectification of the IT Security system.
Case:
An unauthorized third party gained access to TotalBank’s computer network, obtaining account information of 72,500 customers. The bank discovered the attack in June 2014 and promptly notified affected customers. The bank proactively offered breach victims a year’s worth of free credit monitoring and identity protection services. The institution reinforced security protections and firewalls, enhanced threat detection and monitoring, and shut down access to any compromised systems.
- Global Payments Inc
Learning: There is a huge business cost associated with not attending to regulatory or standards compliance.
Case:
Global Payments Inc. discovered a breach in the payments network in late March 2012. The total breach expense was $93.9 million. Approximately two-thirds of the expense was associated with the investigation and remediation, incentive payments to certain business partners and costs associated with credit monitoring and identity protection insurance. Global hired a qualified security assessor, or QSA, to conduct an independent review of its PCI-DSS compliance. A delay in returning to the list of PCI-DSS compliant service providers mattered to Global, as it impacted business, financial condition, results of operations and cash flows.
Overall, the deployment of additional IT Security measures was the third most costly impact of cyber-security breaches reported by the New York State Department of Financial Services. The attacks show that even large financial institutions that invest a big sum of money in information security do have loopholes that allow theft. This clearly points to a lack of strategic focus while implementing IT Security related technology. Therefore, any organization can be a victim of a costly security breach, regardless of size.