How Much Does a Vulnerability Cost?
Vasyl Soloshchuk
CEO @ INSART | Fintech Engineering | Startup Studio | Innovation Lab | AI Data Cloud APIs Integrations B2B SaaS Solutions | Tech Investor | Podcast Host
Let’s explore the loudest cyberattacks on fintechs in 2023-2024. I picked five cases, most having international repercussions.
Feb 2023: NCB data breach
Payment card numbers with security codes are among the last things you want to see exposed. But NCB Management Services ran out of luck.
US-based debt collector NCB began notifying nearly 1.1 million affected individuals after it discovered the breach. The exposed information included almost every kind of personal financial data: account numbers, payment card numbers, security and access codes, passwords, and account PINs.
Contrary to expert advice, NCB allegedly paid a ransom to the attackers and later gave assurances that the unauthorized party no longer had access to any of NCB's data. No further attacks followed.
Mar 2023: Latitude data breach
Consumer lenders usually require various identification documents to credit-check new customers. And that’s too many eggs in one basket.
- 7.9m driver’s license numbers
- 53,000 passport numbers
- 6.1m customer records with names, addresses, phone numbers, etc.
These numbers hinted to consumer lender Latitude Financial that a cyberattack on its systems was far more extensive than initially reported in mid-March last year. The company addressed the suspicious activity immediately, but the attacker had the desired information by that time.
Latitude worked closely with impacted users to reduce the attack’s effect on them. Those who chose to replace their ID documents received reimbursement.
Jul 2023: Revolut
The digital payments giant had $23 million stolen because of a software vulnerability.
On July 9, the FT reported hackers had exploited a soft spot in Revolut’s payment systems. It turned out the incident had been in progress for several months in 2022 before the vulnerability was closed. But as often happens, the consequences arrived later.
Allegedly, the vulnerability resulted in communication issues between Revolut’s EU and US systems. Several transactions were declined, and Revolut would refund accounts, as usual. However, the company would incorrectly refund money from the bank rather than the money belonging to the account.
When a US-based partner bank informed Revolut about the funds being lower than expected, Revolut guessed that trouble was brewing. While the company managed to recover some of the money, it lost around $23 million overall.
Nov 2023: ICBC ransomware attack
The Industrial and Commercial Bank of China (ICBC) is China's largest lender. Last November, its US arm suffered a ransomware attack. The effects disrupted trades in the U.S. Treasury market and caused corporate email at the broker-dealer to cease functioning.
As in the NCB case, the firm reportedly paid a ransom, according to the attackers, the LockBit ransomware gang. In addition, the attack left ICBC's US arm owing $9 billion to BNY Mellon.
The incident leaves us wondering about the resiliency of the $26 trillion Treasury market. By the way, ICBC’s New York branch was recently penalized with $32.4 million for the unauthorized use and disclosure of confidential supervisory information.
Jan 2024: EquiLend data breach
I guess you remember FinTech firm EquiLend recently reporting that a portion of its systems went offline after unauthorized access.
The investigation and restoration of services are now in progress.
I described the situation in detail here.
To summarize, I won’t write the generic “these cases reveal the challenges FinTechs and banks still face regarding cybersecurity.” I’m sure we had better just get back to enhancing our systems and trying to think one step ahead of attackers.
To read more on cybersecurity in Fintech from me, visit INSART’s blog.
Helping E-commerce Brands | Business Development at ARPO Software
2 months ago: Vasyl, thanks for sharing!