Lessons Learned from the Biggest FinTech Breaches

The FinTech industry is rapidly growing and although it has seen a decrease in the number of deals in recent months, it still maintains a good growth pace. It has proven to be a field that raises successful startup companies as 48 FinTech unicorns are valued at the tremendous amount of 187 billion dollars, 7 of which were born in the second quarter of 2019. All in all, FinTech is here to stay and become even more relevant.

Bringing up the subject of FinTech, it is impossible to omit data as a decisive factor for the enhancement of the field where finance meets technology. Data is the fuel used for the execution of numerous FinTech activities. But like any other fuel depending on how it is used and preserved, it can either keep you warm or burn the house down.

A major problem both newborn and mature FinTech companies are struggling with is keeping their data safe. As they mainly process and create financial information, which is highly attractive for cybercrimes, companies are often the subject of breaches which result in the loss of their reputation and financial drawbacks.

5 major cybersecurity breaches that we can learn from:

  1. Capital One – a major banking data breach

In the summer of 2019, Capital One suffered a severe data breach that affected approximately 100 million American and 6 million Canadian citizens. The data that leaked was comprised of Social Security numbers (of 140 000 U.S. citizens), Social Insurance numbers (of 1 million Canadians), 80 000 bank account numbers, names, dates of birth, addresses, balances, credit scores, self-reported income, etc. The breach caused not only reputational damage to the bank, but also cost between 100 and 150 million dollars, combined with up to 5% decrease in its revenues.

capital one - cyber security breaches

 

  1. MasterCard – Priceless data leaked

Again in the summer of 2019, MasterCard’s European unit in Germany suffered a data breach. It involved the MasterCard Priceless Specials loyalty program, administrated by a third-party company. Data such as names, e-mail and home addresses, partial credit card data and dates of birth of 90 000 customers of the loyalty program were exposed on the internet. The platform had to be closed immediately, in order for the damage caused to be drawn to a minimum.

mastercard - cyber security breaches

 

  1. Sberbank – the heftiest breach in Russian banking

The biggest Russian bank, which holds 45% of all retail deposits and 41% of all customer loans, suffered a severe data breach in October 2019. The data of up to 60 million credit card holders (both past and active) was found for sale on the black market for a total of 4,6 million USD ($0,076 per record). Although the breach might have been due to internal criminal action, it underlines the necessity of reliable information security mechanisms, especially in the banking sector.

sberbank - cyber security breaches

 

  1. Fiserv – twice in 8 months

In August 2018 Fiserv, a global provider of financial services technology had a data leakage of transaction information and client information made available to the general public. Later on in April 2019 the company had another security issue as their system was allowing for passwords to be changed without thoroughly verifying the users’ identity.

fiserv - cyber security breaches

 

  1. JPMorgan Chase – even the largest are not immune

In 2014 the bank suffered a major cyberattack as 7 million small businesses’ and 76 million households’ data leaked. The bank’s reputation suffered most as a wave of mistrust for what was considered undeniably reliable was spread throughout the society. The whole data breach cost the company the staggering amount of 13 billion dollars’ worth of fines and losses.

jp morgan- cyber security breaches

 

In our extensive experience in the field of data protection, we have encountered numerous examples of data leakage from unprotected databases, some of which being in the FinTech field. For that reason we consider that SentinelDB represents a solution for assuring a company’s information security. As it is a database in which each record is encrypted separately using a secure key hierarchy is highly relevant in the current condition of the FinTech field, it could prevent the occurrence of disagreeable events as successful cyberattacks. Moreover, audit trails could facilitate maintaining the security of systems and providing fraud detection solutions and legal evidence if ever needed. This is why SentinelTrails, our solution for storage of business-related evidence in private blockchain, serves the purpose of additional data leakage protection. As it detects anomalous behavior, it helps identify and prevent any internal or external attempt for a breach. Thus, the products of LogSentinel ensure double protection against cybersecurity threats.

LogSentinel has presented and will continue to present reliable solutions for detecting and preventing data breaches and it is widely known that prevention is always easier and more efficient than measures taken after the “disaster” has taken place. (As one of the Privacy by Design principles states: Proactive not Reactive; Preventative not Remedial). This is one of the most important lessons that we can learn from past breaches: insufficient measures were taken in order to keep data safe and we aim (and succeed) at doing our fair share in changing this malpractice.

SentinelTrails Demo SentinelDB Demo