Top 10 U.S. Cybersecurity Breaches in Finance

In May 2019, over 885 million credit card applications in First American Financial Corp.'s database related to real estate transactions were exposed. What makes this breach significant isn't only the number but the source of the violation. Surprisingly, no hackers were involved — the information breach was an internal leak of names, phone numbers and addresses caused by poorly designed web pages.



Authentication policies didn't safeguard the page links containing this info, also called insecure direct object reference (IDOR). Breaches and leaks reveal personally identifying information (PII). Even though this didn't occur with malicious intent, First American still suffered the consequences of millions of unhappy customers stressing about their security. Now, it could easily fall into the hands of cybercriminals.

September 2017 was a bad month for Equifax, as one of the most well-regarded credit bureaus in the country revealed it had poor cybersecurity practices. Hackers compromised 145 million accounts during this breach because it failed to patch a vulnerability in its system, leaving it open for Chinese military hackers to find ways into their unprotected servers. A lawsuit regarding the breach resulted in a settlement of up to $425 million to help those affected.



Breaches like this teach companies to update and check their systems constantly. Software companies release patches because new technologies mean new openings for hackers. Hardware can also fall victim to becoming obsolete, so staying up to date with the most current strategies in the hacking world may be the little mindset shift a business needs to stay protected.

Heartland took a significant blow in 2008 after 130 million credit and debit card numbers were stolen. Russian hackers deployed an SQL injection, manipulating Heartland's payment systems.



The injection works in the backend, allowing hackers to change, copy, void and delete requests made through that system. Plenty of companies used this application at the time, and it quickly made them realize how large a tiny gap in a web application can be. It could be avoided with proper authentication measures and penetration testing to ensure systems are secure from every angle.

The Capital One data breach in March 2019 was interesting because of the culprit and the reveal. The breach exposed American and Canadian Social Security and bank account numbers. Paige Thompson, a former Amazon Web Services employee, stole credit card applications and posted them on GitHub with her full name, admitting her crime.



Thompson argues she wanted to expose Capital One's poor cybersecurity practices. Courts granted her five years of probation, as she claimed to be a white hat hacker and never misused the data she stole.

Cybercriminals accessed 83 million JPMorgan Chase accounts in October 2015. Investigators were surprised by the scale of the breach because the hackers had entered servers with full administrative privileges. Contrary to most hackers finding their way into financial institutions, they didn't take financial data. They only obtained customer information. Motives like this raise questions if the criminals were looking for specific individuals.



Though no one should dismiss any breach of a financial institution, the motive of the criminals is insightful for potential future moves. Though millions could have their data exposed, only a few may be in severe trouble, resulting in more severe targeted attacks in the future. No matter what, everyone affected by any financial breach should follow the company's advice when ensuring personal safety.

In 2005, CardSystems Solutions was subject to the most intense breach in the industry. An unrecognized code appearing in the system stole 40 million credit card numbers. Because it was a third-party system utilized by some of the industry's top businesses, including MasterCard and Visa, the company was concerned about its clients.



Eventually, investigations uncovered CardSystems was not deleting data they should have been, and most importantly, it was unencrypted and unprotected.

Block owns a few financial enterprises, including Afterpay and CashApp. In April 2022, an employee downloaded a report containing 8.2 million customers' information, including names and brokerage data. Because of this action, stock prices fluctuated drastically.



As virtual payments and other financial trends shape the industry, Block and other providers should take care — new technology is sometimes more prone to cyberattacks than what was established decades ago because those resources have had time to develop defenses.

CheckFree users weren't aware they were being redirected to a malicious Ukrainian server when their passwords were stolen in 2009. Over 5 million customers who paid their bills unwittingly handed over information to the hackers. As a consolation to potential victims, CheckFree offered free credit monitoring and malware software in hopes it would provide customers with peace of mind.

There is already enough tension surrounding student loans, but to increase the severity of that discourse, hackers went for Educational Credit Management Corp in 2010. A physical item considered "portable media" was stolen from its Minnesota location, containing information on 3.3 million accounts, including Social Security numbers.



The portable media item was never clarified, though it could have been an external hard drive used for backing up data to company servers. A breach like this reminds companies not everything is digital nowadays — it could result from old-fashioned theft.

Let's not forget about cryptocurrency because it is equally subject to breaches like any other financial institution. The largest in history occurred in August 2022, when hackers took over $570 million in crypto. Hackers exploited the blockchain technology that gives crypto life in cross-chain bridge attacks. Cross-chain bridges allow digital assets to transfer successfully, and though they are only one step in the blockchain infrastructure, hackers are finding it's a particularly vulnerable part.



Binance successfully recovered most of the funds and quickly halted the hackers in their tracks. Cryptocurrencies are often praised for their security because it is decentralized, but this proves hackers will find a way.

A financial institution breach could be a matter of life and death for a company's well-being. Suppose millions of customers know their data was taken because a company lacked defenses. In that case, they may never return and tell loved ones to keep their distance from particular companies. Educate on the unfortunate circumstances and side effects of the largest U.S. breaches to keep everyone's money and information safe and sound.

In case you need advice from professionals, the Cyberlands team will be glad to assist you!