Cyberattacks surged in 2023. While this is bad news for everyone, certain sectors were hit harder than others. Financial Services—which includes banks, lenders, and insurance companies—ranked as the second highest sector for cyberattacks in the first half of 2023, surpassed only by Healthcare. During this period, Financial Services entities suffered 241 attacks, which is nearly double what they experienced during the same period of 2022. Unfortunately, the consequences of these attacks involve more than just a loss of customer trust. On average, Financial Services firms lose $5.9 million per data breach—that’s 28% higher than the global average. 

As the industry stands to lose much more in the face of ongoing cyber threats if action is not taken, our cybersecurity experts, led by Mike Sanchez, our CISO & SVP Cybersecurity Solutions, have pulled together their observations from some of the more series data breaches over the last year. Learning from these moments—their causes, impact, and implications—can provide useful insights into how Financial Services can refine best practices for navigating an increasingly sophisticated threat landscape and avoid falling victim to the same attack vectors.

2023’s biggest data breaches in Financial Services (with lessons learned)

1. Stolen user credentials impact records of millions.

In March 2023, Latitude Financial, a loan and financial services firm initially reported a breach affecting 328,000 individuals. Upon completion of a full investigation, however, that number was significantly amended when it was found that the personal information of a whopping 14 million individuals had been compromised, with records dating as far back as 2005. The cause? Stolen employee credentials. 

How to avoid compromising user credentials. 

Avoiding getting your user credentials stolen often comes down to one simple thing—password protection. Here are some simple methods to keep your login credentials safe and secret: 

• Enforce regular password resets every 3-6 months and require immediate password resets for any company emails that are identified as compromised. 
• Enable multi-factor authentication (MFA) or two-factor authentication (2FA) for logins, if these are not already in use (they should be). 
• Institute a strict, no-password sharing policy.  
• Educate your users on best practices for password protection, such as creating unique passwords for different accounts and avoiding using personal credentials for company accounts.  
• Routinely check for compromises; know whether any company email addresses and or passwords have been compromised following a data breach.
  
  

2. Software vulnerability leads to SEC investigation.

Next, we are going to look at two data breaches, both caused by the MOVEit vulnerability. It’s likely you’ve heard of this, as it resulted in a number of massive data breaches and is now under investigation by the Securities and Exchange Commission (SEC). The “MOVEit vulnerability,” as it’s commonly called, is a zero-day SQL injection (SQLi) vulnerability in the MOVEit secure managed file transfer software. 

On May 31, 2023, Genworth Financial disclosed it had suffered a large data breach as a result of a third-party vendor’s use of the popular MOVEit file transfer program, which cybercriminals successfully exploited. An investigation discovered that the personal information of over 2.5 million customers, policyholders, and employees of Genworth Financial and its affiliate insurance companies had been compromised in the attack.  

On August 9, 2023, the US division of Earnst & Young announced it had also been infiltrated by bad actors through the MOVEit vulnerability. This breach, which targeted the data from Bank of America (BoA), affected the data of over 30,000 BoA customers. The stolen data included people’s full names, addresses, credit card numbers, social security numbers, driver’s license numbers, and more. 

How to mitigate risks related to the MOVEit vulnerability. 

When it comes to avoiding the effects of the MOVEit vulnerability, things are a bit more complicated, as it is related to a flaw of third-party software. CISA recommends taking the following actions to protect your organization: 

• Find out if any vendors or third-party affiliates are using MOVEit Transfer or MOVEit Cloud and ensure they have the proper patches installed. 
• Take an inventory of your assets and data, identifying authorized and unauthorized devices and software. 
• Grant only necessary admin privileges and access.  
• Establish a “software allow list” that executes only legitimate, approved applications. 
• Monitor network ports, protocols, and services.  
• Activate security configurations on network infrastructure devices such as firewalls and routers. 
• Stay up to date on all patches and updates to software and applications and conduct regular vulnerability assessments. 
  
  

In order to fix the problem at the source, it is highly recommended that you visit Progress Software’s website to get the latest information on the specific MOVEit Transfer and MOVEit Cloud vulnerabilities. At that link, you will find multiple articles regarding patches, fixes, and advisories. 

3. SIM-swap attack bypasses two-factor authentication.

In late August 2023, Kroll, a financial firm handling bankruptcy claims for insolvent crypto firms such as BlockFi, FTX, and Genesis, revealed it had been the victim of a breach resulting from a SIM-swap attack. Also known as “SIM splitting,” “simjacking,” or “SIM hijacking,” this is a technique used by cybercriminals to get control of your phone number, allowing them to take advantage of two-factor authentication to gain access to your accounts. In Kroll’s case, a bad actor was able to successfully SIM swap a Kroll employee’s T-Mobile account, then used it to steal data from the company (luckily, it seems to have only affected a limited number of people’s non-sensitive data).   

How to prevent a SIM swap attack. 

Since SIM Swap attacks are less common (for now), most people aren’t yet familiar with them. So first, let’s look at the warning signs and red flags that might indicate that someone has fallen victim to one: 

• Unusual or unexpected calls or texts about changes to mobile or cell services (don’t ignore these and contact the carrier immediately if you receive one). 
• Suddenly finding yourself locked out of your phone and or certain apps (especially banking or social media). 
• Your phone inexplicably stops working and you are suddenly unable to make or receive calls or texts (even when you seem to have plenty of signal bars). 
• Receiving service notifications for actions you did not take (such as logins from new devices, password changes, etc.). 
  
  

Now that you know what a SIM swap looks like, let’s look at some methods you can put into action to help you avoid being the victim of this type of attack: 

• Keep your phone (and SIM card) close to you. Don’t leave your mobile device unattended in public areas. Treat it the way you would treat your baggage at the airport: this will limit the possibility that someone may take or swap your physical SIM card. 
• Use strong passwords. Don’t use common passwords (such as “password123”), default passwords (“admin123”), or those that contain information someone could learn about you online (birthdays, children’s names, pet names, favorite sports teams, etc.). 
• Use security questions. Set up security questions that only you would know how to answer and avoid those that might be answerable with information that could be found online. 
• Use MFA/2FA. Most websites and apps offer some form of multifactor authentication (MFA) or two-factor authentication (2FA). Any time these are available, activate them and use them. 
• Enable biometric security features. Features such as face recognition and fingerprint scans are far harder to crack than a password. Always enable these on your mobile device when available. 
• Lock your phone number. If your service provider offers options such as Port Freeze or Number Lock that protects your mobile number from unauthorized transfer, use it. These make it so that it’s impossible to port your number to another line or carrier unless the lock is removed by PIN or by physically visiting a brick-and-mortar location. 
• Never reply to calls, emails, or text messages that request personal information. It could be threat actors who are trying to acquire information from you that might allow them to access your mobile devices or accounts (such as financial accounts or social media).  
• Don’t overshare on social media. They may be fun, but social media sites are also a treasure trove of personal information. Be sure to never publicly post sensitive or personal information such as your full name, address, phone number, and date of birth. Also avoid sharing too many details about your life such as your routine/schedule, favorite sports teams, pet names, children’s names, etc. Many of these can be used as answers to security questions.
   

Cybersecurity starts with vigilance—and having the right partner goes a long way. 

With the Financial Services sector seemingly under siege by cybercriminals, it’s easy to become a little paranoid. However, it is far better to just be skeptical and remain vigilant to stay safe. Think before you click, use all available security features, and protect your mobile devices and personal information and it won’t be used against you or your organization by bad actors online.  

Of course, having a robust cybersecurity and risk management strategy is critical to not only identifying and addressing vulnerabilities early, but also having the right resources, response team, and plan in place to take immediate action if a breach is discovered. UDT has been on the front lines of cybersecurity since 1995, and we are uniquely positioned to help Financial Services organizations safeguard their valuable data and infrastructure. 

UDT offers cybersecurity tailored solutions to help you proactively monitor your organization’s risk and prioritize strategic security updates in areas with the most impact—without compromising on convenience, quality, or cost. To explore UDT’s adaptable portfolio of products and services, contact us today.