Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > Cybersecurity

12 Biggest Financial Services Data Breaches of 2023

Allison Bell By Allison Bell

X
Your article was successfully shared with the contacts you provided.

The 12 biggest known data breaches involving U.S. financial services companies and companies in closely related sectors may have affected more than 65 million Americans so far this year.

A search of records collected by the Maine attorney general’s office, the Indiana attorney general’s office, the U.S. Securities and Exchange Commission and other sources revealed that those breaches have reported victim counts ranging from about 10,000 to 37 million.

Attackers used a variety of methods to get into the companies’ systems.

For a look the companies affected, see the gallery above.

What it means: You need to help clients understand the importance of picking hard-to-crack passwords, changing passwords often, monitoring financial accounts closely and taking other steps to protect themselves against strangers who may know everything from the city where they were born to their debit card security codes.

The data: The United States does not have one big, public database that lists all known breaches, and few states run breach databases that provide national impact numbers.

Because Maine and Indiana are two states that do provide national impact figures, we relied heavily on their breach report databases.

We included national investment companies, money center banks, life insurance and annuity issuers, retirement services providers, distributors, support services companies, and companies in some other sectors that have become key components of the financial system.

We excluded health insurers and regional banks, and we combined all of the many companies affected by the Cl0p ransomware group’s attack on the MOVEit file transfer system, which affected an annuity holder and pension plan participant tracking firm’s efforts to help clients locate their customers, in one entry.

Progress Software, the company that runs the MOVEit system, has emphasized that it took steps to address the MOVEit system vulnerability the instant it learned of the vulnerability.

The attacks: The attacks included traditional system hacking; phishing, or efforts to extract system access information from authorized users; and credential stuffing, or automated moves to see whether stolen passwords that work on one system might work on another.

Credit: Sergey Nivens/Adobe Stock

Allison Bell

Think_Allison

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.