14 August Cyber Security

The Rise of Data Breaches at Big Financial Institutions: Lessons for Small and Medium-Sized Businesses

In the constantly changing world of cybersecurity, recent data leaks at big financial companies like Bank of America, Evolve Bank, and Valley National Bank show an important truth: no company is safe from cyber dangers. Following up on our earlier talk about keeping small and medium-sized businesses (SMBs) safe from cyber threats, it’s key to see how these big events can help us make our own online safety plans better.
cyber attack

Bank of America: The Infosys McCamish Data Leak In November 2023, Bank of America had a big data leak because of a cyber attack on their partner, Infosys McCamish. This event put the private details of 57,028 customers at risk, including names, addresses, Social Security numbers, and account details. The leak was found on November 24, 2023, and affected customers were told in February 2024. This leak shows the weak spots that come with working with other companies and how important it is to choose partners carefully and have strong safety rules.

Sources: https://www.americanbanker.com/news/data-breach-affects-57-000-bank-of-america-accounts
https://www.forbes.com/sites/daveywinder/2024/02/13/bank-of-america-warns-customers-of-data-breach-following-2023-hack/
https://economictimes.indiatimes.com/tech/technology/bank-of-america-names-infosys-us-unit-for-over-57000-users-data-leak/articleshow/107676417.cms?from=mdr

he Federal Reserve and Evolve Bank Mix-Up In a case that at first looked like a leak at the Federal Reserve, it turned out that the exposed data was from Evolve Bank & Trust. The cyber attacker group LockBit said they did it, and the leak included private banking details of Evolve Bank customers. This event shows how important it is to figure out who’s really behind a cyber attack and how hard it can be to find the real targets.

Sources: https://therecord.media/evolve-bank-data-breach-lockbit
https://www.getevolved.com/about/news/cybersecurity-incident/
https://www.malwarebytes.com/blog/news/2024/06/federal-reserve-breached-data-may-actually-belong-to-evolve-bank 

Valley National Bank: MOVEit Transfer Problem In August 2023, Valley National Bank had a data leak that affected about 873,000 people. The leak came from a weak spot in the MOVEit Transfer software used by one of their partners. The exposed data included names, Social Security numbers, and addresses. The bank’s response was to make their encryption stronger, add extra security steps for logging in, do regular safety checks, and work with cybersecurity experts to lower future risks. This leak shows how important it is to keep software up-to-date and to be proactive about finding and fixing weak spots.

Sources: https://www.americanbanker.com/creditunions/news/15-banks-credit-unions-confirm-moveit-data-breaches
https://www.jdsupra.com/legalnews/valley-national-bank-files-notice-of-4477828/
https://www.thinkadvisor.com/2023/08/21/moveit-hack-hit-these-life-annuity-and-retirement-firms/ 

Lessons for Small and Medium-Sized Businesses

Even though SMBs might not have the same resources as these big companies, there are important lessons to learn from these events:

Choosing Partners Carefully: The Bank of America leak shows how important it is to really check out any other companies you work with. SMBs should make sure their partners follow strict cybersecurity rules and regularly check how safe they are.

Figuring Out Who’s Responsible and Responding to Incidents: The Federal Reserve and Evolve Bank event shows how tricky it can be to figure out who’s behind a cyber attack. SMBs should have clear plans for what to do if something happens, including steps to figure out exactly what was leaked and how to tell people about it. 

Keeping Software Up-to-Date and Managing Weak Spots: Like we saw in the Valley National Bank leak, old or weak software can be a big risk. SMBs should regularly update their software and check for weak spots to lower potential dangers. 

Data Encryption and Extra Security Steps: Making data harder to read and adding extra steps for logging in can give you extra layers of safety, making it harder for attackers to get to important information. 

Regular Safety Checks: Regularly checking your systems for safety helps find and fix possible weak spots before they can be used by attackers. SMBs should do these checks often to stay ahead of new threats.

The recent big data leaks at major financial companies are a serious reminder that cyber threats are always there and always changing. By learning from these events and putting strong cybersecurity measures in place, SMBs can better protect themselves from possible attacks. Cybersecurity isn’t a one-time thing but an ongoing process that needs constant attention, the ability to change, and a proactive approach.

Building a Culture of Security

Beyond implementing specific measures, SMBs should strive to create a culture of security within their organizations. This means making cybersecurity a priority for everyone, from the top down. Regular training, clear communication about threats and best practices, and a shared sense of responsibility can go a long way in preventing data breaches.

For more ideas and strategies on keeping your business safe from cyber threats, visit our earlier blog post on Protecting Small and Medium-Sized Businesses from Cyber Threats. Together, we can make the online world safer for businesses of all sizes.