Financial services firms accounted for 6% of all data breaches in 2019 but more than 60% of leaked records, partly due to the Capital One mega breach that compromised more than 100 million records, according to a new study.
The attacker, Paige Thompson, broke into a Capital One server and gained access to 140,000 US Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers. The attacker also accessed a large number of names, addresses, credit scores, credit limits, balances, and other information, the bank said in September.
Although the Capital One breach was an outlier, breaches in financial services companies still tend to be larger and more detrimental than in other sectors, the study by cloud security company Bitglass found.
“Given that organizations in the financial services industry are entrusted with highly valuable, personally identifiable information (PII), they represent an attractive target for cybercriminals,” said Bitglass CTO Anurag Kahol. “Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing. Financial services organizations must get a handle on data breaches and adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.”
Other key findings include:
- Hacking and malware remain the primary cause of data breaches in financial services, at 74.5% (up from 73.5% in 2018). Insider threats grew from 2.9% in 2018 to 5.5% today, while accidental disclosures increased from 14.7% to 18.2%.
- The average cost per breached record in financial services ($210) has increased over the last few years and exceeds the per-breached-record cost of all other industries except healthcare ($429).
- For mega breaches, which affect approximately 100 million or more individuals, the cost per breached record in financial services is now $388 – up from $350 in 2018.
- Many financial services organizations are suffering recurring breaches as they fail to secure data properly for a cloud and BYOD environment. For example, Capital One and Discover each experienced their fourth significant data breach in 2019.
- The top three breaches of financial services firms in 2019 hit Capital One Financial Corporation (106 million individuals), Centerstone Insurance and Financial Services (111,589), and Nassau Educators Federal Credit Union (86,773).