Financial Firm Data Cybersecurity Problems Pose Severe Threat to Customers: Report

Amid a series of high profile cybersecurity problems this year, which have resulted in massive data breaches that released the social security numbers for millions of Americans, a new report highlights the serious risks that consumers face from hackers accessing their financial information, which could be held by brokerage houses, investment banks, insurance companies, credit card companies and accounting firms.

In findings recently published in the International Journal of Innovative Research in Science, Engineering and Technology (IJIRSET), a cybersecurity expert at Intuit says that although financial firms have increased their cyber defense budgets by 92% over the past year, they are still expected to see $6 trillion in global losses at the hands of hackers and other cybercriminals by 2025.

Given the vast amounts of personal data and financial information held by banks, brokerages and other institutions, these cybersecurity problems could cause wide-ranging impacts on Americans, including stolen identities, financial losses, compromised accounts and the need to take additional security measures, such as enacting credit freezes and identity monitoring.

In the report, cybersecurity expert Akshay Sekar Chandrasekaran outlines the importance of financial firms employing application security measures and complying with regulations in the industry, to maintain the trust and integrity of customer relationships.

Adoption of robust cybersecurity measures, enhancing secure coding practices, use of data encryption and embracing new technologies will all be important steps to safeguard against cybersecurity threats. However, Chandreseakaran points out that regulatory noncompliance at financial institutions is a widespread issue, highlighting cybersecurity problems that may expose consumer information.

Over the past several years, the average costs and penalties associated with non-compliance at financial firms has been steadily increasing per institution:

Average annual noncompliance penalties and costs for financial services companies:

• 2019: $7.5 million
• 2020: $8.2 million
• 2021: $9.1 million
• 2022: $9.8 million
• 2023: $10.5 million

Given the widespread regulatory noncompliance problems, the average financial firm data breach has resulted in $5.85 million in total losses in 2024, which is significantly higher than the global average across all industries.

Chandrasekaran encourages financial firms to leverage artificial intelligence (AI), machine learning (ML) capabilities and other emerging technologies to automate threat detection, monitor risks in real time and facilitate rapid responses. However, the report notes that these measures carry their own set of risks, including the requirements of massive data sets for AI training, biases in algorithms and potential attacks specifically targeting companies’ AI systems.

“In the digital age, the finance sector has become a prime target for cybercriminals due to the sensitive nature of the financial data it handles,” Chandrasekaran said. “The finance sector faces significant challenges in protecting customer information and financial data from cyber threats.”

Consumers affected by financial data breaches are at risk of identity theft and significant financial losses as well as damaged reputations, emotional distress and other consequences, such as enacting credit freezes and signing up for identity monitoring.

AT&T, Ticketmaster Data Breaches Highlight Cybersecurity Problems

In addition to specific threats to financial firms, cybersecurity has become a growing concern this year, as many high profile companies have exposed vast amounts of customers’ personal information in data breaches.

Two separate AT&T data breaches have been disclosed this year, exposing a range of sensitive data, including social security numbers and cell phone call records. The first cybersecurity failure was disclosed in March 2024, stemming from a 2021 hack that resulted in stolen personal identifying information, such as names, contact information and social security numbers being sold on the Dark Web.

A second AT&T cybersecurity problem was announced in July 2024, indicating that customers’ cell phone call records and text messages had been obtained by hackers out of a cloud-based server operated by the storage company Snowflake.

Concert promoter Ticketmaster also announced that its customers were impacted by a separate Snowflake data breach in May 2024, indicating that hackers were attempting to sell Ticketmaster customers’ information on the dark web after the data was taken from Snowflake servers.

Following these hacks, a number of lawsuits have been filed throughout the federal court system. Given common questions of fact and law raised in the complaints, a motion is currently pending with the U.S. Judicial Panel on Multidistrict Litigation (JPML) to centralize data breach lawsuits against Snowflake as part of a federal multidistrict litigation (MDL).

If the JPML chooses to consolidate all cases involving the Snowflake security problems before one judge, it would likely include both the AT&T cell record leak lawsuits and Ticketmaster data breach lawsuits.