Introduction
Negligent or malicious behavior by those who have legitimate access to your systems can be more devastating to your company than the efforts of outside attackers. The 2023 Cost of Insider Risk Global Report by the Ponemon Institute shows that cybersecurity incidents caused by insiders through negligence, credential theft, and malicious intent had an average cost per incident of $505,113, $679,621, and $701,500, respectively.
The good news is that you can avoid falling victim to insider risks. One way to do that is by learning from real-life examples of cyberattacks that have happened to other organizations. In this article, we review 10 recent cybersecurity incidents that have affected world-renowned organizations. Keep reading to see how to protect your company from various types of information security incidents that result from phishing, privilege abuse, insider data theft, and third-party vendor attacks.
Summary of Key Statistics
- Total Customers Affected: Over 330 million across these incidents.
- Estimated Financial Impact: Billions of dollars in total losses, legal fees, and recovery costs.
- Common Response Measures: Enhanced security protocols, increased budgets for cybersecurity, and regulatory scrutiny.
Fintech Guest Insights
Kern Smith, VP Americas, Zimperium
“Digital identity is one of the most valuable assets in corporate IT. Organizations continue to invest in ways to protect their user identity, from multi-factor authentication, rotating and random passwords facilitated by password managers, and anti-phishing filters and user training, to name a few, and attackers continue to innovate with new and novel techniques to ultimately gain access to a user’s identity.
Increasingly, attackers have shifted their focus to targeting iOS and Android devices, given those devices are typically the nexus of personal and corporate identity. This is because mobile devices are where the multi-factor resides, where users keep their passwords, and where users are much more susceptible to mobile phishing campaigns due to the number of unprotected phishing avenues available to attackers, such as SMS, QR codes, third-party messaging apps, and more, that most organizations have no protections for. This does not even account for the explosion of mobile malware attacks and risks with third-party apps that could expose user credentials on iOS and Android devices.
All of this creates a landscape where the barrier to entry for attackers has lowered, and attacks have skyrocketed. No longer does it take an advanced exploit to gain valuable data, when an attacker can simply send a targeted message or link to gain access to the data they want, either through a simple Mishing campaign, off-the-shelf malware, or even abusing vulnerabilities in third-party apps or SDKs.
It is essential that organizations have a strategy to address these challenges. This includes the ability to identify and prevent mobile phishing attacks, detect mobile malware, and identify risks in third-party applications or device configurations that could potentially expose credentials and compromise user identity.”
5 High Profile Cybersecurity Attacks on Banks
1# JPMorgan Chase
Date: October 2014
Impact: 83 million accounts
How did the data breach occur?
Cyberattackers, allegedly located in Brazil, managed to penetrate JPMorgan’s perimeter, gain the highest level of administrative privilege, and achieve root access to more than 90 of its servers. Surprisingly, rather than leveraging those privileges to steal financial information, they took only customer contact information. This anticlimactic outcome suggests the objective of the attack was solely to steal specific customer details, possibly for use in future targeted cyberattacks.
What data was compromised?
- Internal login details for a JPMorgan employee
- Customer names
- Email addresses
- Phone numbers
Learnings:
- Investigations revealed that this breach was made possible by a very basic security vulnerability: when JPMorgan’s security team upgraded one of its network servers, they failed to implement Multi-Factor Authentication (MFA).
- This event demonstrates that even the most sophisticated financial institutions are susceptible to basic lapses in cybersecurity hygiene. To detect overlooked exposures that fall through manual processes, human effort should always be supported with an attack surface monitoring solution.
2# Westpac Banking Corporation
Date: June 2013
Impact: 98,000 customers
How did the data breach occur?
This data breach occurred through PayID, Westpac’s third-party provider for facilitating transfers between banks using either a mobile number or an email address. PayID operates like a phonebook: through the PayID lookup function, anyone can confirm the details of an account holder by searching their phone number or email address. This made it possible for hackers to execute an enumeration attack, in which brute force techniques are used to confirm or guess valid records in a database. When the attack was over, the hackers had uncovered the banking details of 98,000 Westpac customers. Armed with these details, cybercriminals can keep retargeting victims with a broad range of phishing attacks.
What data was compromised?
- Full names
- Email addresses
- Phone numbers
- Account information
Learnings:
- Just because a government sponsors a platform, it does not mean it is resistant to cyberattacks.
- Despite warnings of potential security risks, the Australian government approved its New Payments Platform (NPP), assuring the public that fraud and security concerns were “extensively considered” when developing PayID.
- The data breach that ironically followed this statement demonstrates that government solutions are vulnerable to the same cyber threats as all third-party software, including dated techniques like brute force attacks.
- To prevent such an incident, implement security controls that address brute force attacks, such as:
- Limit login attempts – Limit incorrect login attempts from a single IP address.
- Use device cookies – Device cookies will block malicious login attempts coming from specific browsers.
- Block suspicious logins – Block login functionality after a certain number of incorrect attempts.
- Don’t reveal correct credentials – Prevent login fields from confirming which specific details are correct.
- Use CAPTCHAs – Choose CAPTCHAs that get progressively harder and more time-consuming with each incorrect login attempt.
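The following is an added example (not code from the article or from Westpac/PayID) showing three of the controls above in one login path: a per-IP sliding-window lockout, a single generic error message so the response never confirms which field was right, and the same password-hashing work for unknown and known users so timing does not reveal valid accounts either. The user store, salt and IP addresses are constructed for the demonstration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

LOCKOUT_THRESHOLD = 5          # failed attempts allowed per source IP ...
WINDOW_SECONDS = 600           # ... within this sliding window
GENERIC_ERROR = "Invalid email or password"      # never says which part was wrong
LOCKED_ERROR = "Too many attempts; try again later"


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: email -> (salt, PBKDF2 hash). Hypothetical data.
_SALT = b"constructed-demo-salt"
USERS = {"alice@example.com": (_SALT, hash_password("correct horse battery staple", _SALT))}
# Dummy entry hashed for unknown emails so the work (and timing) is the same either way.
_DUMMY = (_SALT, hash_password("dummy-password", _SALT))


class LoginGuard:
    """Tracks failed logins per source IP and blocks sources that exceed the threshold."""

    def __init__(self, clock=time.time):
        self.clock = clock                       # injectable for testing window expiry
        self.failures = defaultdict(deque)       # ip -> timestamps of recent failures

    def _recent_failures(self, ip):
        now = self.clock()
        q = self.failures[ip]
        while q and now - q[0] > WINDOW_SECONDS:  # drop failures outside the window
            q.popleft()
        return q

    def is_locked(self, ip) -> bool:
        return len(self._recent_failures(ip)) >= LOCKOUT_THRESHOLD

    def login(self, ip: str, email: str, password: str):
        """Returns (success, message); the message is identical for bad email and bad password."""
        if self.is_locked(ip):
            return False, LOCKED_ERROR
        salt, expected = USERS.get(email, _DUMMY)
        ok = email in USERS and hmac.compare_digest(hash_password(password, salt), expected)
        if not ok:
            self._recent_failures(ip).append(self.clock())
            return False, GENERIC_ERROR
        self.failures.pop(ip, None)              # a successful login clears that IP's counter
        return True, "ok"
```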
3# First American Financial Corp
Date: May 2019
Impact: 885 million credit card applications
How did the data breach occur?
More than 885 million financial and personal records linked to real estate transactions were exposed through a common website design error on the First American Financial Corp website, known as a “Business Logic Flaw”: a webpage link leading to sensitive information was not protected by an authentication policy that verifies user access. This exposure was not initiated by a hacker; the vulnerability that facilitated access to sensitive data was caused by an internal error, an event known as a data leak. Though data leaks and data breaches are two different events, they both share the same potential outcome: sensitive customer information falling into the hands of cybercriminals.
The following data was compromised in the First American Corp data breach:
- Names
- Email addresses
- Phone numbers of closing agents and buyers
Armed with this information, a wide range of cybercrime is possible including:
- Identity theft
- Ransomware attacks
- Malware injections
Learnings:
- Implement code review policies – Before pushing any code live, it should be reviewed by a quality control officer.
- Monitor for data leaks – A data leak detection solution will detect and shut down all internal or third-party data leaks before they’re discovered by cybercriminals.
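An added example (not the article's or First American's code) of the flaw described above beside its hardened form, plus the kind of check a code reviewer or leak monitor can run against both: a document handler that serves a record to anyone holding the link, and one that authenticates the session and authorizes against the record owner. The records, session tokens and document ids are constructed for the demonstration.

```python
from dataclasses import dataclass

# Constructed sample records and sessions (hypothetical, not real customer data).
DOCUMENTS = {
    1001: {"owner": "agent-7", "content": "closing statement for buyer A"},
    1002: {"owner": "agent-9", "content": "wire instructions for buyer B"},
}
SESSIONS = {"tok-agent-7": "agent-7"}   # session token -> authenticated user


@dataclass
class Response:
    status: int
    body: str


def get_document_vulnerable(doc_id: int, session_token=None) -> Response:
    """The business logic flaw: holding the link is treated as permission to read it."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return Response(404, "not found")
    return Response(200, doc["content"])          # no authentication, no ownership check


def get_document_hardened(doc_id: int, session_token=None) -> Response:
    """Authenticate the session first, then authorize against the record's owner."""
    user = SESSIONS.get(session_token)
    if user is None:
        return Response(401, "authentication required")
    doc = DOCUMENTS.get(doc_id)
    # Same response for "missing" and "not yours" so ids cannot be enumerated by a logged-in user.
    if doc is None or doc["owner"] != user:
        return Response(404, "not found")
    return Response(200, doc["content"])


def find_unauthenticated_exposure(handler, doc_ids):
    """Leak check: which ids does this handler serve to a caller with no session at all?"""
    return [i for i in doc_ids if handler(i).status == 200]
```

The check walks sequential ids because the original flaw was exactly that: links whose identifiers could be stepped through without ever being asked to log in.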
American Express
Date: March 2024
How did the data breach occur?
In March 2024, American Express informed its customers that unauthorized parties had gained access to sensitive customer information through a breach at its merchant processor. The breach was caused by a successful point-of-sale attack. American Express emphasized that its internal systems weren’t compromised during the incident. However, the breach at the merchant processor leaked American Express customers’ sensitive data, such as names, current and former account numbers, and card expiration dates.
Learnings:
- Having a sophisticated supply chain with numerous subcontractors, vendors, and third-party services is the norm for organizations these days. However, granting third parties access to your network is associated with cybersecurity risks. One of the reasons is that your third parties may not always follow all necessary security procedures. Thus, there’s no guarantee that hackers won’t exploit your vendors’ vulnerabilities to access your organization’s assets.
- Some of these incidents could have been prevented with proper third-party cyber risk management practices. When choosing a third-party vendor, pay attention to their cybersecurity policies and the laws and regulations they comply with. If a potential subcontractor or a service provider is unfamiliar with your vital cybersecurity measures, consider adding a corresponding requirement to your service-level agreement. Limit a subcontractor’s access to your critical data and systems to the extent necessary for their job.
- To enhance the protection of your most critical assets, apply additional cybersecurity measures like MFA, manual login approvals, and just-in-time privileged access management. Regular audits of API security can help identify vulnerabilities and weaknesses in the API implementation. This way, you can minimize the risks coming from integrations with third-party services. Consider deploying monitoring solutions to see who does what with your critical data. Keeping third-party user activity records makes for fast and thorough cybersecurity audits and incident investigations.
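To make the last two learnings concrete, here is an added example (not the article's code or any vendor's product) of a small access broker for third-party users: each vendor gets a manually approved, time-boxed grant limited to named resources, every access decision is written to an activity record, and that record can be pulled per vendor for an audit or investigation. Vendor names, resources and durations are constructed for the demonstration.

```python
import time
from dataclasses import dataclass


@dataclass
class Grant:
    vendor: str
    scopes: frozenset        # only these resources; nothing outside the job's needs
    expires_at: float        # just-in-time: access lapses on its own
    approved_by: str         # the manual approval behind the grant


class VendorAccessBroker:
    """Scoped, time-boxed access for third-party users with a full activity record."""

    def __init__(self, clock=time.time):
        self.clock = clock            # injectable so expiry can be tested deterministically
        self.grants = {}              # vendor -> active Grant
        self.audit_log = []           # every decision, allowed or denied

    def grant(self, vendor, scopes, ttl_seconds, approved_by):
        g = Grant(vendor, frozenset(scopes), self.clock() + ttl_seconds, approved_by)
        self.grants[vendor] = g
        self._record(vendor, "grant", ",".join(sorted(scopes)), True)
        return g

    def access(self, vendor, resource, action) -> bool:
        """Allow only if the vendor has a live grant that names this resource."""
        g = self.grants.get(vendor)
        allowed = g is not None and self.clock() < g.expires_at and resource in g.scopes
        self._record(vendor, action, resource, allowed)
        return allowed

    def revoke(self, vendor):
        self.grants.pop(vendor, None)
        self._record(vendor, "revoke", "*", True)

    def _record(self, vendor, action, resource, allowed):
        self.audit_log.append({"t": self.clock(), "vendor": vendor, "action": action,
                               "resource": resource, "allowed": allowed})

    def activity(self, vendor):
        """Who did what with which resource: the record an audit or investigation starts from."""
        return [e for e in self.audit_log if e["vendor"] == vendor]
```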
4# Flagstar Bank
Date: June 2022
Impact: 1.5 million customers
How did the data breach occur?
One of the largest financial providers in the United States, Flagstar Bank, suffered a massive data breach in June 2022, leaking the Social Security numbers of almost 1.5 million customers. The breach was the second such attack on the Michigan-based online banking giant in as many years. The bank did not disclose how hackers infiltrated the network, but initial investigations showed that the attack may have occurred as early as December 2021. Flagstar Bank initiated incident response protocols as soon as it discovered the data breach and stated that there was no evidence of exploitation during investigations. However, it still advised customers to monitor their credit closely and to report any suspicious activity.
What data was compromised?
- Social Security numbers (SSN)
- Banking information
- Personal information (names, addresses, birthdays)
Learnings:
Although the exact attack vector was not specified, this incident highlights the importance of covering every possible vulnerability, from third-party risk to internal threats to ransomware protection. Despite settling multiple class-action lawsuits in March 2021, Flagstar Bank failed to implement sufficient protection protocols in time. Measures that help close such gaps include:
- Annual penetration tests
- Security audits (e.g. SOC 2 audit)
- Updated incident response plans
- Cybersecurity training
Conclusion
Insider risks pose a significant threat to organizations, often causing more harm than external attacks. The examples of recent high-profile cyber incidents illustrate how negligence, poor security practices, and third-party vulnerabilities can lead to severe data breaches. Each case, from JPMorgan Chase to Flagstar Bank, demonstrates that even established institutions can fall victim to basic security oversights, such as neglecting Multi-Factor Authentication or not properly securing third-party access.
To protect against insider threats, companies should prioritize comprehensive cybersecurity measures. This includes regular security audits, employee training, and robust monitoring systems to detect vulnerabilities early. Implementing best practices, such as limiting access rights and using advanced authentication methods, can significantly reduce risk. Additionally, organizations must not overlook the importance of securing their supply chains, as third-party weaknesses can expose them to serious threats.
Ultimately, learning from these incidents is crucial. By adopting proactive strategies and fostering a culture of security awareness, companies can better safeguard their sensitive information and minimize the potential financial and reputational damage that comes with insider risks. In an ever-evolving cybersecurity landscape, vigilance and preparedness are key to protecting organizational assets.