lolloj - Fotolia

A quarter of financial sector data breaches linked to lost or stolen devices

Financial sector breaches in the US doubled in 2015 over the year before, according to a report by security firm Bitglass

Stolen and lost devices are the biggest causes of data leaks in the financial sector, which experienced twice as many leaks in 2015 than the year before, a report reveals.

The largest banks in the US have all suffered leaks in the recent past, according to the financial services breach report 2006 to 2016 by security firm Bitglass.

In the first half of 2016 alone, five of the top 20 banks in the US disclosed breaches, as did 32 other US banks.

With lost and stolen devices accounting for 25.3% of data breaches in the sector, the report said financial services organisations seem to struggle with data protection on managed and unmanaged devices.

While hacking accounted for a disproportionate number of individuals affected by financial services breaches, only one in five leaks were caused by hacking.

Other breaches were the result of unintended disclosures, malicious insiders, and lost paper records.

“Financial institutions are prime targets for hackers and are rightfully concerned about the threat of cyber attacks, device theft, and malicious insiders,” said Nat Kausik, CEO of Bitglass.

“To stay one step ahead as data moves beyond the firewall, firms in this sector must encrypt cloud data at rest, control access by contextual risk, and protect data on unmanaged devices,” he said.

Read more about data breaches

The report highlighted that the largest US bank, JPMorgan Chase, has suffered recurring breaches since 2007.

The largest breach at JPMorgan Chase, the result of a cyber attack, was widely publicised in 2014 and affected an estimated 76 million US households. Other breaches at JPMorgan were due to lost devices, unintended disclosures, and payment card fraud.

Of the three major credit bureaus, the 2015 Experian leak was the largest, affecting 15 million people. Equifax has also disclosed several recent breaches, including unauthorised accesses earlier this year that affected hundreds of thousands of people.

The requirement for financial services businesses to maintain real-time connection to the global economy impairs security precautions, and the increased adoption of cyber insurance are waylaying security efforts,  according to a 2015 report.

This is despite the banking industry being one of the most popular targets of cyber criminals, according to the 2015 Financial Services Drill-Down Report from security firm Websense, now known as Forcepoint.


Read more on Privacy and data protection