You are currently viewing Breaking bank security: Record theft rises to new heights

Breaking bank security: Record theft rises to new heights

Banks, investment firms, and financial services all handle sensitive data. Protect the privacy of your clients’ sensitive information with the next-generation cloud storage and sharing solution – SkyFlok!

SkyFlok uses innovative cloud technologies to spread your data across multiple providers and locations to protect your and your clients’ files from internal and external attacks. Moreover, you get a secure platform to communicate files with your colleagues and clients. This two-way sharing feature in SkyFlok is called ‘Client Spaces’ and they are not only more secure than emails, but also more convenient in order to maintain a record for your interactions and shared files (and their versions) over time with each individual client.

The financial sector has long been a lucrative target for criminals of all types and this will not be changing anytime soon.

However, it is not just dodgy insider dealings, scam artists, and bank robberies that can cause players in the financial sectors a headache — now, it is the threat of cyber intrusion, surveillance, and data breaches.

Banks, investment firms, and financial services all handle sensitive data, including account details, home addresses, contact details, Social Security numbers, information relating to investment portfolios, and more. If these records end up in the wrong hands, this can result in social engineering, account hijacking, and potentially ID theft or the batch sale of records in the Dark Web.

Direct attacks, too, can be launched simply to drain financial entities of funds, such as in the $80 million Bangladeshi bank heist or the recent theft of $13.5 million from India’s Cosmos Bank.

Like moths to a flame, this data is an attractive lure, and as such, cyberattacks levied against financial institutions are on the rise and will likely to continue to do so in the future.

According to new research released by cloud security firm Bitglass, from January to August this year, there were close to three times as many reported data breaches in the sector in comparison to the same period of time in 2016.

The report, which examines the current state of cybersecurity in the financial sector and uses information aggregated data from the Identity Theft Resource Center (ITRC) and the Privacy Rights Clearinghouse (PRC), says that 37 data breaches were reported in 2016, and 103 incidents have been reported so far in 2018.

According to Bitglass, attacks involving hacking, exploits, and the deployment of malware were responsible for close to 75 percent of all data breaches recorded in the financial sector over the course of this year. This has raised from roughly 20 percent over the past several years, in which breaches may have also been caused by insiders, human error, and third-party compromise or security failures.

Guaranteed Rate, SunTrust, and RBC’s Travel Rewards were among the financial services this year which lost the most records due to a successful cyberattack.

A successful phishing attack at mortgage firm Guaranteed Rate ensured the theft of over 187,000 customers and staff records in which names and Social Security numbers were exposed.

In the case of SunTrust, a former employee stole — and potentially shared — 1.5 million customer records which included names, addresses, phone numbers, and account balances. The company rapidly signed up all of its customers to identity protection services.

60,000 users of RBC’s Travel Rewards website were also involved in a data breach which exposed payment card information.

Bitglass’ analysis suggests that the top threats facing the financial sector this year are the WannaCry ransomware and the modular banking Trojan Emotet, as well as more general cloud-based cryptojacking schemes and ransomware-as-a-service platforms.

“Breaches can harm organizations’ reputations and, consequently, revenues,” Bitglass says. “Financial services firms that want to succeed simply cannot afford to maintain a lax security posture. Because of careless and malicious insiders, evolving malware, new phishing schemes, and much more, financial services firms face a wide variety of threats.’

Last month, an academic study revealed that many popular password managers, in use today by both consumers and businesses on the Android operating system, can be tricked by phishing schemes and malicious applications.

Many mobile password managers have trouble associating a user’s stored website credentials with a mobile app and creating a link between legitimate services, a weakness which has become ripe for exploit.


Or go back to

Daniel Lucani

PhD at MIT. Author of 8 patents and applications on network coding. Tech expert 12+ years experience.