Top Five Data Breaches in Finance History


It’s no surprise that the financial sector is one of the industries most targeted by cybercriminals. To put it simply, cybercriminals go where the money is. For hackers, financial institutions offer multiple opportunities for profit, including fraud, extortion, and theft. Financial institutions store large amounts of sensitive financial data, which translates into large payouts for hackers looking to fill their pockets.

With finance ranked alongside education, energy, and healthcare among the industries most at risk of cyber-attacks, securing their data should be at the top of every financial institution’s list. This article aims not only to list the top five attacks in finance history but also to discuss what we can learn from these incidents.


1. First American Financial


According to Forbes, in May of 2019, a security researcher and a whistleblower reported the most significant data leak in the financial industry to date. The breach compromised over 800 million mortgage documents that detailed countless innocent people’s names, social security numbers, bank account numbers, and addresses. The exposed documents dated from 2003 up to the date of discovery. The Fortune 500 mortgage company had mistakenly digitized these sensitive documents without any protection. Essentially, anyone with the link could view the documents.


What We Can Learn

First American Financial’s biggest mistake was the lack of a plan to proactively protect these confidential documents. First American had no identity verification, let alone a process for safeguarding this information. There was essentially nothing protecting their customers’ personal information from hackers. If your organization handles the sensitive information of others, the Federal Trade Commission (FTC) recommends starting with these five steps:

  1. Take Stock: Take note of what and how much information you are currently storing. 
  2. Scale Down: Keep only what’s needed. 
  3. Lock It: Protect the information that you store. In this case, encrypt files, use MFA and passcode protection, limit employee access, and consider hiring a third-party SOC provider to keep a 24/7 watch on your digital infrastructure.
  4. Pitch It: Dispose of outdated information that is no longer needed. 
  5. Plan Ahead: Create a response plan ahead of time in the case of a breach. 
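The “Lock It” step, in the First American case, comes down to one question the document server never asked: who is requesting this file? The Python below is an added illustration, not code from First American or from AgileBlue. It puts the “anyone with the link” pattern beside a version that authenticates the caller with an HMAC-signed session token, checks the record’s owner or the caller’s role, and writes an audit entry for every decision; the server key, document store, usernames and roles are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed server-side signing key; in production this lives in a secret store.
SERVER_KEY = secrets.token_bytes(32)


@dataclass(frozen=True)
class Document:
    doc_id: str
    owner: str
    contents: bytes


# Constructed sample records standing in for scanned mortgage files.
DOCUMENTS = {
    "doc-1001": Document("doc-1001", "alice", b"mortgage application: alice"),
    "doc-1002": Document("doc-1002", "bob", b"mortgage application: bob"),
}
# Constructed roles: customers may read only their own files, loan officers any file.
ROLES = {"alice": "customer", "bob": "customer", "carol": "loan_officer"}

AUDIT_LOG = []  # (decision, user, doc_id, reason) tuples, one per request


class AccessDenied(Exception):
    """Raised for every failed check; the caller renders the same response as 'not found'."""


def issue_session(user):
    """Mint an HMAC-signed session token after the user has already authenticated."""
    nonce = secrets.token_hex(16)
    payload = f"{user}:{nonce}"
    sig = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"


def verify_session(token):
    """Return the username carried by a validly signed token, else None."""
    try:
        user, nonce, sig = token.split(":")
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return user if user in ROLES else None


def fetch_document_link_only(doc_id):
    """The weak pattern: the URL is the only 'secret', so anyone holding it reads the file."""
    return DOCUMENTS[doc_id].contents


def fetch_document(token, doc_id):
    """Hardened pattern: authenticate, then authorize against the record's owner, then log."""
    user = verify_session(token)
    if user is None:
        AUDIT_LOG.append(("deny", None, doc_id, "no valid session"))
        raise AccessDenied()
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        AUDIT_LOG.append(("deny", user, doc_id, "no such document"))
        raise AccessDenied()
    if doc.owner != user and ROLES[user] != "loan_officer":
        AUDIT_LOG.append(("deny", user, doc_id, "not owner"))
        raise AccessDenied()
    AUDIT_LOG.append(("allow", user, doc_id, ROLES[user]))
    return doc.contents


def demo():
    """Exercise both patterns and report the outcome of each request."""
    results = {}
    alice = issue_session("alice")
    results["alice_own"] = fetch_document(alice, "doc-1001")
    try:
        fetch_document(alice, "doc-1002")
        results["alice_bob"] = "allowed"
    except AccessDenied:
        results["alice_bob"] = "denied"
    try:
        fetch_document("forged:token:deadbeef", "doc-1001")
        results["forged"] = "allowed"
    except AccessDenied:
        results["forged"] = "denied"
    results["officer_bob"] = fetch_document(issue_session("carol"), "doc-1002")
    results["link_only"] = fetch_document_link_only("doc-1002")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two design choices matter here. The failure paths all raise the same exception, so a caller probing document ids cannot tell “exists but not yours” from “does not exist”. And every decision, including the denials, lands in the audit log, which is what a SOC needs in order to notice a burst of refused requests before they turn into a leak.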



2. Equifax


On September 7th, 2017, major credit reporting agency Equifax reported a breach affecting more than 143 million Americans. Hackers gained access to the data by exploiting a vulnerability in one of the company’s web servers. Some 209,000 of the stolen records also included full credit card numbers. The vulnerability, CVE-2017-5638, was seemingly neglected by Equifax, as the patch for it had been available for some time.


What We Can Learn

Like First American, Equifax seemingly had no process to secure their customers’ data. More precisely, their failure to track newly published CVEs and apply the corresponding patches is to blame. For all businesses, staying up to date on newly released CVEs is crucial in keeping valuable data from compromise. Second, Equifax should’ve had better monitoring across its digital infrastructure. This type of monitoring is available through third-party SOC providers who monitor and notify organizations of security alerts.



3. Heartland Payment Systems


Heartland Payment Systems, which specializes in payment and payroll systems, experienced a breach in 2008 large enough to make it on this list. According to Proofpoint, after two months of digging by a team of cybersecurity experts, the culprit behind a slew of suspicious Visa and MasterCard transactions was discovered. It was found that an SQL injection in 2007 had modified the code on a Heartland login page, allowing the hacker access. The breach resulted in the company losing over $200M. Albert Gonzalez was later sentenced to 20 years in prison for the crime.
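The Heartland account above turns on a login page that let what the user typed become part of its SQL. The Python below is added here as an illustration and is not code from Heartland or from AgileBlue: it puts a string-spliced login query beside a parameterized one over a constructed in-memory SQLite database, so the difference can be checked directly. The table names, the test account, the PBKDF2 settings and the tautology payload are all assumptions made for the demo.

```python
import hashlib
import hmac
import secrets
import sqlite3

PBKDF2_ROUNDS = 200_000  # constructed choice for the demo


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256, computed in application code rather than in SQL."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def build_db():
    """Constructed in-memory database: a legacy table with plaintext passwords (the
    shape the vulnerable path assumes) and a hardened table holding salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE legacy_users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO legacy_users VALUES ('merchant42', 'correct horse')")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = secrets.token_bytes(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("merchant42", salt, hash_password("correct horse", salt)))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The flawed pattern: request fields are spliced into the SQL text, so the caller
    controls the query's structure, not just its data. Shown only for the contrast."""
    sql = ("SELECT username FROM legacy_users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username, password):
    """Parameterized lookup (input is bound as data and never parsed as SQL), then a
    constant-time comparison of the salted hash. Unknown user and wrong password
    fail the same way."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


# Constructed textbook tautology; it rewrites the WHERE clause of the spliced query.
INJECTION = "' OR '1'='1"


def demo():
    """Run the same three inputs through both login paths."""
    conn = build_db()
    return {
        "vuln_valid": login_vulnerable(conn, "merchant42", "correct horse"),
        "vuln_wrong": login_vulnerable(conn, "merchant42", "guess"),
        "vuln_injected": login_vulnerable(conn, "merchant42", INJECTION),
        "hard_valid": login_hardened(conn, "merchant42", "correct horse"),
        "hard_wrong": login_hardened(conn, "merchant42", "guess"),
        "hard_injected": login_hardened(conn, INJECTION, INJECTION),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The parameterized version is the actual fix; escaping or filtering quotes is not, because the database driver binds `?` values as data regardless of what they contain. Keeping the password comparison out of SQL also means the database never needs to see a password at all, only a hash it cannot be tricked into matching.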


What We Can Learn

Heartland’s biggest mistake in its security strategy was confusing compliance with security. Heartland was PCI DSS compliant when the breach occurred, but those requirements still did not protect its own or its partners’ data. Compliance standards set organizations on the right path but don’t promise total security. Additional cybersecurity systems are necessary for organizations in the finance industry.

The attack also affected Heartland’s partners, who used its payment processing services. This breach shows the importance of vendor risk management to protect third parties that may also be affected.



4. Capital One


A former Amazon employee was convicted in a 2019 Capital One breach in which the employee used knowledge of cloud server vulnerabilities within Capital One and other companies to steal the personal information of over 100 million people. The former employee was convicted of wire fraud and five counts of unauthorized access to a protected computer. Capital One was found to have lacked adequate security practices and was fined $80 million by the Office of the Comptroller of the Currency. Capital One is also set to pay an additional $190 million in the settlement.


What We Can Learn

This breach would not have occurred if Capital One had better secured its cloud infrastructure. As 90% of current US businesses use the cloud, we recommend that most organizations implement Cloud Security Posture Management (CSPM) into their cloud security. CSPM provides discovery and visibility into your cloud infrastructure assets and security configurations, allowing you to access a single source of truth across multi-cloud environments and accounts.



5. JP Morgan Chase & Co.


In August 2014, JP Morgan Chase & Co. reported they had experienced a breach that would affect more than 76M households. The compromised information consisted of customers’ contact details: names, addresses, emails, and phone numbers. According to UpGuard, the hackers allegedly gained high-level administrative privileges after the JP Morgan security team failed to implement MFA after updating a company server.


What We Can Learn

This breach reminds us that hackers are always ready to pounce on any cracks they see within an organization’s security. Practicing security processes to keep good cyber hygiene is a basic but vital step in securing an organization. 

To avoid ending up on one of these lists, it’s crucial that business leaders stay informed and well-versed in their security and equip their organizations with the proper security solutions and training. A well-trained and well-equipped security team has a much higher chance of mitigating the risks involved with being in the finance industry. For smaller organizations, consider using a third-party SOC provider to monitor your organization’s security.




AgileBlue was named in the CyberTech 100, a list of the world’s most innovative cybertech companies that every financial institution needs to know about in 2022. 

If you’re interested in taking a more confident stance on your organization’s security, we’d love to help. AgileBlue offers a 24/7 SOC|XDR platform that is proven to detect indicators of attack across your entire digital infrastructure and cloud before a breach occurs. 


Written by Peter Burg

Peter Burg is Director of Business Development at AgileBlue, partnering with organizations who are looking for ways to make IT and cybersecurity work. Peter currently resides in Minnesota and is a big baseball fan.

August 23, 2022
