Common Types of Cyber Threats Against Banks
The financial sector is up to 300 times more likely to be the victim of cyberattacks than other sectors. Cyberattacks on banks have become more prevalent and sophisticated and can result in significant data breaches.
- Malware breaches: Software that covertly infiltrates computer systems to provide unauthorized access to thieves and other bad actors, facilitates the theft of sensitive information or ransomware attacks.
- Phishing breaches: Attackers trick an employee into accidentally providing access to internal networks.
- Insider breaches: Someone with authorized computer access is responsible for data breaches, either intentionally or unintentionally.
- Human error breaches: Employee mistakes, such as using weak passwords or handling data carelessly, can leave banks vulnerable.
To prevent cyberattacks and protect sensitive information from a data breach, banks must invest in cybersecurity measures such as firewalls, intrusion detection systems and encryption technologies. Bank employees should be trained to recognize cyberthreats and learn best security practices.
Biggest Data Breaches Against Banks
Morgan Stanley experienced one of the biggest data breaches in banking history. In 2022 the bank agreed to a $60 million settlement and paid a $60 million fine after hard drives it decommissioned were found to have not been properly wiped clean before re-sale. The drives contained sensitive personal client information.
JPMorgan Chase suffered one of the largest data breaches in history in 2014. Hackers exploited an employee’s access credentials and stole the sensitive personal information of more than 80 million households and businesses.
First American Financial Corp experienced a data breach in 2019 that exposed more than 800 million sensitive records. While investigators found no evidence of misuse of the exposed data, First American Financial paid a $500,000 fine.
Also in 2019, Capital One experienced a major data breach when a hacker gained access to a storage system and compromised the personal information of more than 100 million customers. Capital One compensated affected customers with a payout of $190 million. It also paid an $80 million fine.
How Are Banks at Risk of Cyberattacks?
The banking industry, like other industries, struggles to ensure complete cybersecurity. The popularity of online banking is growing and third-party vendors and partnerships are expanding. Significant data gaps still exist for assessing and mitigating cyber vulnerabilities.
Former FBI Director Christopher A. Wray compared the threat of ransomware to the challenge of global terrorism. Software security experts need more research to determine how cyber vulnerabilities originate in and are transmitted across the banking sector. Until then, banks will continue to be vulnerable to various cyberattacks, from ransomware to social engineering schemes.
Ransomware is malicious software that someone gets tricked into downloading. Once installed, the software encrypts files and then demands payment in exchange for the decryption key. Ransomware attacks against banks, credit unions, utilities, healthcare systems and other institutions are on the rise. The effects of even isolated incidents can ripple outward and disrupt banks around the world.
Social engineering uses psychological manipulation to deceive people into revealing sensitive information or making security mistakes. These attacks can take many forms, including phishing, pretexting, dumpster diving, scareware, baiting, tailgating, spear phishing and quid pro quo schemes.
One successful attack directed bank clients to phone a fake bank employee, who then elicited the victim’s banking details to steal money from their accounts. Like confidence schemes, social engineering attacks will evolve as banks deploy new technologies, like artificial intelligence.
With more endpoints and devices accessing the bank’s network, remote work increases the attack surface for cyber criminals. Some employees may use unsecured public Wi-Fi networks or personal devices to access their bank’s network. That makes them more vulnerable to cyberattacks. Remote work could potentially make it more difficult for bank managers and IT professionals to monitor employee activity and ensure that employees are following established cybersecurity policies and procedures.
Cyberattack Impact on Bank Customers
Cyberattacks on banks can affect bank customers. Theft of customers’ personal and financial information, such as credit card numbers and bank account details, can lead to unauthorized transactions and financial losses. Cyberattacks can also result in identity theft, where criminals use stolen personal information to open new accounts, take out loans, or engage in other fraudulent activities.
A major cyberattack can also disrupt global financial networks and services, especially payments systems. It would also sow confusion and panic in banks, governments, businesses and consumers around the world, with potentially severe impacts on economic activity and political governance.
How Can You Protect Yourself as a Bank Customer?
Malicious cyber actors can exploit vulnerabilities in your home network to gain access to sensitive personal and financial information. Protect yourself and your financial health by securing devices and networks, practicing cybersecurity-aware behaviors and implementing the following security best practices.
- Avoid public hotspots: Public hotspots have weaker security than private networks and are more susceptible to malicious activity. Be cautious if you have to use them.
- Deploy firewalls: Make sure your routing devices have basic firewall capabilities and use security software that layers in anti-virus, anti-phishing and anti-malware security.
- Schedule reboots: Reboot devices periodically to minimize the risk of malicious code persisting on devices, and downloaded the latest operational and security updates.
- Secure routers: Because routers are entry points for home networks, it’s important to ensure that your routing devices have the latest security patches.
- Segment wireless networks: Separate primary Wi-Fi, guest Wi-Fi and the Internet of Things (smart appliances, Alexa, Google Home, etc.) to prevent vulnerabilities from weaker security devices compromising your entire network.
- Upgrade and update: Always use the latest available and supported operating systems and browsers, which contain default security features not found in previous versions.
- Use strong passwords: Passwords (and answers to challenge questions) should be strong, difficult to guess and not be reused for different accounts.
If your bank experiences a cyberattack that exposes customers’ personal or financial information, you can file a data breach lawsuit. These are often class-action litigations.
Filing a data breach lawsuit related to cyberattacks can be complex, but an expert attorney can help you seek compensation for the harm caused and hold responsible parties accountable. To file a successful legal claim, you need evidence that shows how the cyberattack happened, who was responsible and how it caused harm to you or your organization.
23 Cited Research Articles
Consumernotice.org adheres to the highest ethical standards for content production and references only credible sources of information, including government reports, interviews with experts, highly regarded nonprofit organizations, peer-reviewed journals, court records and academic organizations. You can learn more about our dedication to relevance, accuracy and transparency by reading our editorial policy.
- Palmer, D. (2023, February 23). NSA says: Do these things to keep your home network safe from cyberattack. Retrieved from https://www.zdnet.com/article/nsa-says-do-these-things-to-keep-your-home-network-safe-from-cyber-attack/
- Cox, J. (2023, February 23). How I Broke Into a Bank Account With an AI-Generated Voice. Retrieved from https://www.vice.com/en/article/dy7axa/how-i-broke-into-a-bank-account-with-an-ai-generated-voice
- Robertson, H. (2023, February 1). Intesa Sanpaolo says most operations restored after ION ransomware attack. Retrieved from https://www.reuters.com/business/finance/intesa-sanpaolo-says-most-operations-restored-after-ion-ransomware-attack-2023-02-09/
- National Security Agency. (2023, February). Best Practices for Securing Your Home Network. Retrieved from https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3304674/nsa-releases-best-practices-for-securing-your-home-network/
- Cox, C. (2022, November 1). U.S. banks processed roughly $1.2 billion in ransomware payments in 2021, according to federal report. Retrieved from https://www.cnbc.com/2022/11/01/us-banks-process-roughly-1point2-billion-in-ransomware-payments-in-2021.html
- Bellamy, F.C. (2022, June 27). Data breach class action litigation and the changing legal landscape. Retrieved from https://www.reuters.com/legal/legalindustry/data-breach-class-action-litigation-changing-legal-landscape-2022-06-27/
- Federal Reserve. (2022, May 12). Implications of Cyber Risk for Financial Stability. Retrieved from https://www.federalreserve.gov/econres/notes/feds-notes/implications-of-cyber-risk-for-financial-stability-20220512.html
- Osborne, C. (2022, January 5). Morgan Stanley agrees to $60 million settlement in data breach lawsuit. Retrieved from https://www.zdnet.com/article/morgan-stanley-agrees-to-60-million-settlement-in-data-breach-lawsuit/
- The Seattle Times Staff & News Services. (2021, December 23). Capital One to pay $190M settlement in data breach linked to Seattle woman. Retrieved from https://www.seattletimes.com/business/capital-one-to-pay-190m-settlement-in-data-breach-linked-to-seattle-woman/
- Benson. C. (2021, July 13). Work from home fuelling cyber attacks, says global financial watchdog. Retrieved from https://www.reuters.com/business/work-home-fuelling-cyber-attacks-says-global-financial-watchdog-2021-07-13/
- Frankel, A. (2021, June 19). SEC’s First American settlement signals new corporate cyber disclosure risk. Retrieved from https://www.reuters.com/legal/litigation/secs-first-american-settlement-signals-new-corporate-cyber-disclosure-risk-2021-06-18/
- Viswanatha, A. (2021, June 4). FBI Director Compares Ransomware Challenge to 9/11. Retrieved from https://www.wsj.com/articles/fbi-director-compares-ransomware-challenge-to-9-11-11622799003?mod=hp_lead_pos10
- Federal Trade Commission. (2021, February). Data Breach Response: A Guide for Business. Retrieved from https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
- Credit Suisse Research Institute. (October 2019). Global Wealth Report. Retrieved from https://www.credit-suisse.com/media/assets/corporate/docs/about-us/research/publications/global-wealth-report-2019-en.pdf
- McLean, R. (2019, July 30). A hacker gained access to 100 million Capital One credit card applications and accounts. Retrieved from https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html
- Newman, L. (2019, May 24). Hack Brief: 885 Million Sensitive Financial Records Exposed Online. Retrieved from https://www.wired.com/story/first-american-data-exposed/
- International Monetary Fund. (Spring 2021). The Global Cyber Threat. Retrieved from https://www.imf.org/external/pubs/ft/fandd/2021/03/global-cyber-threat-to-financial-systems-maurer.htm
- Reuters. (2015, April 3). IBM: 'Dyre Wolf' Cyber Gang Stole More Than $1 Million from Businesses. Retrieved from https://www.nbcnews.com/tech/security/ibm-dyre-wolf-cyber-gang-stole-more-1-million-businesses-n334831
- Reuters Staff. (2014, December 3). JPMorgan data breach entry point identified. Retrieved from https://www.reuters.com/article/us-jpmorgan-cybersecurity/jpmorgan-data-breach-entry-point-identified-nyt-idUSKBN0K105R20141223
- Rushe, D. (2014, October 3). JP Morgan Chase reveals massive data breach affecting 76m households. Retrieved from https://www.theguardian.com/business/2014/oct/02/jp-morgan-76m-households-affected-data-breach
- Fink, G. (2014). A Silver Lining in the JP Morgan Breach? Retrieved from https://www.wired.com/insights/2014/10/a-silver-lining-in-the-jp-morgan-breach-3/
- Federal Trade Commission. (n.d.). Privacy and Security Enforcement. Retrieved from https://www.ftc.gov/news-events/topics/protecting-consumer-privacy-security/privacy-security-enforcement
- Carnegie Mellon University. (n.d.). Social Engineering. Retrieved from https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html