The FinTech industry is rapidly growing and although it has seen a decrease in the number of deals in recent months, it still maintains a good growth pace. It has proven to be a field that raises successful startup companies as 48 FinTech unicorns are valued at a tremendous amount of 187 billion dollars, 7 of which were born in the second quarter of 2019. All in all, FinTech is here to stay and become even more relevant.
Bringing up the subject of FinTech, it is impossible to omit data as a decisive factor for the enhancement of the field where finance meets technology. Data is the fuel used for the execution of numerous FinTech activities. But like any other fuel depending on how it is used and preserved, it can either keep you warm or burn the house down.
A major problem both newborn and mature FinTech companies are struggling with is keeping their data safe. As they mainly process and create financial information, which is highly attractive for cybercrimes, companies are often the subject of breaches which result in the loss of their reputation and financial drawbacks.
5 major cybersecurity breaches that we can learn from:
- Capital One – a major banking data breach
In the summer of 2019, Capital One suffered a severe data breach that affected approximately 100 million American and 6 million Canadian citizens. The data that leaked was comprised of Social Security numbers (of 140 000 U.S. citizens), Social Insurance numbers (of 1 million Canadians), 80 000 bank account numbers, names, dates of birth, addresses, balances, credit scores, self-reported income, etc. The breach caused not only reputational damage to the bank, but also cost between 100 and 150 million dollars, combined with up to 5% decrease in its revenues.
- MasterCard – Priceless data leaked
Again in the summer of 2019, MasterCard’s European unit in Germany suffered a data breach. It involved the MasterCard Priceless Specials loyalty program, administrated by a third-party company. Data such as names, e-mail and home addresses, partial credit card data, and dates of birth of 90 000 customers of the loyalty program were exposed on the internet. The platform had to be closed immediately, in order for the damage caused to be drawn to a minimum.
- Sberbank – the heftiest breach in the Russian banking
The biggest Russian bank, which holds 45% of all retail deposits and 41% of all customer loans, suffered a severe data breach in October 2019. The data of up to 60 million credit cardholders (both past and active) was found for sale on the black market for a total of 4,6 million USD ($0,076 per record). Although the breach might have been due to internal criminal action, it underlines the necessity of reliable information security mechanisms, especially in the banking sector.
- Fiserv – twice in 8 months
In August 2018 Fiserv, a global provider of financial services technology had a data leakage of transaction information and client information made available to the general public. Later on in April 2019 the company had another security issue as their system was allowing for passwords to be changed without thoroughly verifying the users’ identity.
- JPMorgan Chase – even the largest are not immune
In 2014 the bank suffered a major cyberattack as 7 million small businesses’ and 76 million households’ data leaked. The bank’s reputation suffered most as a wave of mistrust for what was considered undeniably reliable was spread throughout society. The whole data breach cost the company a staggering amount of 13 billion dollars’ worth of fines and losses.
In our extensive experience in the field of data protection, we have encountered numerous examples of data leakage from unprotected databases, some of which being in the FinTech field. For that reason we consider that SentinelDB represents a solution for assuring a company’s information security. As it is a database in which each record is encrypted separately using a secure key hierarchy is highly relevant in the current condition of the FinTech field, it could prevent the occurrence of disagreeable events as successful cyberattacks. Moreover, audit trails could facilitate maintaining the security of systems and providing fraud detection solutions and legal evidence if ever needed. This is why SentinelTrails, our solution for storage of business-related evidence in a private blockchain, serves the purpose of additional data leakage protection. As it detects anomalous behavior, it helps identify and prevent any internal or external attempt for a breach. Thus, the products of LogSentinel ensure double protection against cybersecurity threats.
LogSentinel has presented and will continue to present reliable solutions for detecting and preventing data breaches and it is widely known that prevention is always easier and more efficient than measures taken after the “disaster” has taken place. (As one of the Privacy by Design principles states: Proactive not Reactive; Preventative, not Remedial). This is one of the most important lessons that we can learn from past breaches: insufficient measures were taken in order to keep data safe and we aim (and succeed) at doing our fair share in changing this malpractice.
Denitsa Stefanova is a Senior IT Business Analyst with solid experience in Marketing and Data Analytics. She is involved in IT projects related to marketing and data analytics software improvements, as well as the development of effective methods for fraud and data breach prevention. Denitsa supports her IT-related experience by applying her skills into her everyday duties, including IT and quality auditing, detecting IT vulnerabilities, and GDPR-related gaps.