Listen to Audio
Perhaps not surprisingly, banks, insurance companies, and other financial-service firms are 300 times more likely to suffer from a cyber-attack than other industries.
In 2018, this sector reported a whopping 819 incidents, and that figure looks set to rise for 2019 once the statistics are released. Here are some of the most prominent data breaches that have already been big news in 2019.
The First American Financial Corp. Breach
Before the internet, businesses worried about breaches like dodgy accountants stealing money. So, it was always crucial that companies hired certified public accountants to ensure they had the most professional accountants available. According to BeatTheCPA, and those who have taken the test, the CPA examination is a rigorous and demanding exam, which means you can rely on the professionalism and knowledge of a CPA. In this day and age, it is still vital for serious businesses to employ CPAs. But when it comes to breaches, it is the cyber world that needs looking at the most.
First American Financial Corp. suffered a massive breach in May when around 885 million financial and personal records related to real estate deals became hacked. What caused the security failure is not yet known, but the exposed documents were viewable to anyone without the need for authentication. Therefore, anyone who could work out the format of the company’s document URLs could potentially gain access to the names, telephone numbers, and email addresses of buyers and closing agents. A flaw in the back end of the company’s website likely led to the exposure of this data.
The Capital One Breach
In March, a hacker accessed credit card applications from Capital One. After Capital One discovered the breach in July, they found around 80,000 linked bank account numbers, 140,000 social security numbers, and 1 million Canadian social insurance numbers were exposed. The hacker was able to breach Capital One’s servers through a misconfigured web application firewall. Hundreds of millions of dollars in damages could have become prevented had Capital One configured their firewall correctly.
The Westpac/PayID Breach
When the third-party account authentication service PayID suffered a cyber-attack, it resulted in the exposure of 98,000 Westpac customers’ banking details. The Australian bank has been under scrutiny ever since, and the breach could yet be more extensive than it is currently thought to be. The breach originated because PayID allowed anyone to enter a telephone number and search for an account registered to it. Authorities believe fraudulent accounts were used to create a series of random lookups to collect the data.
The Desjardins Group Breach
In June, the Canadian credit union Desjardins Group revealed data of up to 2.7 million individual members, and 173,000 businesses had become exposed. The information included names, home addresses, and social insurance numbers. The data breach was caused by someone who worked within the Desjardins Group’s IT department. The breach highlights how essential the automated detection of abnormal behavior and least-privilege access models are in preventing this kind of attack. The Desjardins Group breach is thought to be one of the largest breaches ever seen among Canadian financial institutions.