How Third-Party Breaches Impact Financial Institutions

The surge in phishing attacks, ransomware attacks, data breaches, and other cyber threats across sectors jeopardizes not only the organizations directly involved; it also creates wider vulnerabilities, because financial and personal user data are linked across one ecosystem. As such, every breach exponentially multiplies the risk other organizations face by potentially exposing data relevant to their security (including financial services, personal payment, account details, and other customer information) that can become a catalyst for fraudulent activities. In response to this interconnected network of cybersecurity risk, there is a pressing need for the financial sector to effectively detect and remediate when cybercriminals leak data from third-party breaches.

Lessons from Past Data Breaches

Flagstar Bank, a dominant force in the US financial landscape holding over $100 billion in assets, found itself grappling with a significant data breach that impacted over 1.5 million customers. The late discovery of the breach, which occurred in December 2021 but was only identified in June 2022, highlighted gaps in the bank’s security measures and detection mechanisms. The breach allowed hackers unauthorized access to sensitive details including individuals’ full names and social security numbers. Responding promptly upon discovery, the bank initiated an incident response plan and informed federal law enforcement. All financial institutions should take note when these events occur because the data from those 1.5 million customers could become relevant for the security of your environment. For example, cybercriminals could use social security numbers and associated information to open fraudulent accounts at any financial institution.

Similarly, breaches in other sectors such as retail can have downstream effects on financial institutions, as showcased by the breach Forever 21 faced earlier this year. What began as an encryption failure snowballed into leaked data, including bank account numbers, social security numbers, and dates of birth, for over 500,000 people.

Such incidents are merely the tip of the iceberg. They are accompanied by a series of smaller yet frequent breaches that can critically threaten the stability of banks and credit unions and damage their reputations. To illustrate, in 2021, reports cited the theft of 5.73 million credit cards. It is thus essential for organizations to monitor continually, in real time, for cybercriminals and threat actors trafficking customer data related to their environment on the Dark Web; left unaddressed, that exposure can escalate into significant fraud.

Protecting Login Credentials

Customer credentials represent an opportunity for cybercriminals to gain a foothold in organizations, either by compromising employee accounts as part of an attack or using customer accounts to commit fraud. With most users admitting they reuse credentials across multiple or all accounts, every third-party breach can put login information at risk. Monitoring the Dark Web for compromised credentials is, therefore, not just advisable but essential. It enables organizations to stay a step ahead of cybercriminals by identifying and addressing potential security breaches before they can be exploited. This proactive approach can prevent a multitude of fraudulent activities, protecting both the financial assets and reputational standing of banks and credit unions.

For many organizations, maintaining a list of compromised credentials isn’t just a secure practice; it’s also a requirement. Organizations complying with NIST 800-63B or IA-5 must maintain an updated list of compromised passwords. Control IA-5 (in SP 800-53) specifically mentions that organizations using multifactor authentication must still check newly created and updated passwords against this list, demonstrating that there’s no tool or control that can replace secure passwords.

Monitoring for Compromised Cards

In recent years, there has been an uptick in payment cards being compromised, leading to substantial financial losses: on average, $2,500 per compromised card. Card-issuing institutions can manage this risk by extending their Dark Web monitoring efforts to include debit and credit card information so they can proactively remediate as soon as this information is leaked. Payment Card BIN monitoring stands as a critical line of defense in such scenarios, aiding institutions in stopping unauthorized access and fraud, thereby protecting not only their financial assets but also the trust vested in them by countless customers. By subscribing only their institution’s BINs, organizations can receive full compromised card numbers and any associated metadata without needing to reveal any sensitive data.
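An added example, not from the original post or any vendor's product: once BIN monitoring returns leaked text, the issuer still has to extract the valid card numbers that fall under its own BINs before it can reissue them. The BINs and the dump below are constructed from well-known test card numbers, and all function names are hypothetical.

```python
import re
from typing import NamedTuple

# Assumption: constructed BINs built from well-known test card numbers,
# not real issuer ranges. Both 6- and 8-digit BINs are supported.
ISSUER_BINS = {"411111", "55555555"}

# Constructed sample of leaked text as a monitoring feed might deliver it.
SAMPLE_DUMP = """\
4111 1111 1111 1111|12/26|J DOE
5555-5555-5555-4444|03/27|A ROE
4111111111111112|01/25|FAILS LUHN
4012888888881881|09/26|OTHER ISSUER
order ref 20230915123456789012
"""

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

class Hit(NamedTuple):
    bin: str
    pan: str  # full number: needed to locate the card, never log it

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: filters out random digit runs and mistyped numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """First six and last four digits only, for tickets and logs."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_issuer_cards(text: str, bins: set[str]) -> list[Hit]:
    hits, seen = [], set()
    ordered = sorted(bins, key=len, reverse=True)  # prefer the longest BIN
    for match in PAN_RE.finditer(text):
        pan = re.sub(r"[ -]", "", match.group())
        if pan in seen or not luhn_ok(pan):
            continue
        owner = next((b for b in ordered if pan.startswith(b)), None)
        if owner:
            seen.add(pan)
            hits.append(Hit(owner, pan))
    return hits
```

Calling `find_issuer_cards(SAMPLE_DUMP, ISSUER_BINS)` returns the two cards that pass the Luhn check and fall under the issuer's BINs; pass each `pan` through `mask()` before it reaches a ticket or log.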

The Need to Elevate Security

A breach in one organization can send shockwaves that impact many others. Financial institutions need to recognize the profound implications of third-party breaches and arm themselves with the tools and strategies needed to protect against them. The incidents befalling Flagstar Bank and Forever 21, among others, are stark reminders that it is indispensable for organizations to adopt practices that encompass proactive Dark Web monitoring to protect against fraud and cyberattacks. Through diligent surveillance of the Dark Web for sensitive information such as credentials and payment card data, coupled with a remediation strategy, organizations can manage cybersecurity risks tied to third-party breaches and ensure regulatory compliance.



Josh Parsons

Josh is the Product Marketing Manager at Enzoic, where he leads the development and execution of strategies to bring innovative threat intelligence solutions to market. Outside of work, he can be found at the nearest bookstore or exploring the city’s local coffee scene.