Cybercriminals who want to obtain a large amount of valuable data quickly are increasingly attacking financial institutions. Data breaches can be very expensive for banks.
Credit Suisse seemingly cannot escape the negative headlines. After numerous scandals and annual results deeply in the red last year, a former employee is now making new negative headlines for the bank. An IT employee is alleged to have stolen personal data from Credit Suisse employees over the years.
While the data was taken, there is so far no evidence of it being used maliciously.
We have taken and are continuing to take steps, including legal remedies, to contain the incident adequately. To date, there is no evidence of any onward transmission or intent to use the data in any way,» according to a statement from Credit Suisse.
Still, the security incident is seen as further damaging the image of the crisis-hit financial institution.
Data security must be a top priority in a bank’s security concept since financial data contains some of the most sensitive information on individuals. Should cybercriminals get hold of such data, it can have devastating consequences for customers who have placed their trust in a financial institution that lacks adequate security measures.
Financial institutions have been a popular target for data breaches and theft for years. The vast amount of data residing in banks on accounts, credit cards, and securities holdings is a juicy target for those with ill intent.
According to a study by the security company Proxyrack that evaluated data breaches since 2004, the financial sector is the third most frequent target of hackers, with Citigroup a popular target. It was victimized by three hacker attacks since 2004, resulting in 4.4 million records being stolen or compromised.
According to Proxyrack, only companies in the Web and healthcare industries have been affected more frequently than financial institutions. The top three causes of security incidents are hacker attacks, inadequate security measures, and lost or stolen data.
Cybersecurity firm Flashpoint comes to a similar conclusion. According to its data, the financial sector recorded the second-highest number of data breaches globally after government agencies in 2022. US banks were the most affected, followed by institutions in Argentina, Brazil, and China. At least 79 US financial institutions reported data breaches affecting 1,000 or more customers last year.
Data leaks and data theft can be very expensive. According to an IBM report on the cost of data breaches in 2022, the US financial sector recorded the second-highest average cost per security incident after healthcare. While the average cost of data breaches in healthcare reached a record high of $10.1 million, up over 40 percent since 2020, it was just under $6 million for financial firms.
The largest known data breach to date involving a financial institution was at First American Financial Corp. In 2019, security specialist Brian Krebs discovered 885 million First American documents posted online that contained information such as account numbers, bank statements, tax records, and wire transfer receipts. The data of millions of customers was freely accessible.
The US financial services provider Equifax also experienced a similar breach. In September 2017, the company informed its customers that cyber criminals had accessed 147 million accounts. Equifax had learned about the security breach a month earlier but failed to inform its customers immediately, resulting in a $700 million fine from US authorities.
The third largest data breach also involved a US company when in 2009, Heartland Payment Systems announced it was the victim of a security breach in its processing system in 2008. A web form on the company’s website gave access to the corporate network allowing Russian hackers to gain to over 100 million credit and debit card numbers.