The 12 biggest known data breaches involving U.S. financial services companies and companies in closely related sectors may have affected more than 65 million Americans in 2023. A search of records collected by the Maine attorney general's office, the Indiana attorney general's office, the U.S. Securities and Exchange Commission and other sources revealed that those breaches have reported victim counts ranging from about 10,000 to 37 million. Attackers used a variety of methods to get into the companies' systems. For a look at the companies affected, see the gallery above.

What it means: You need to help clients understand the importance of picking hard-to-crack passwords, changing passwords often, monitoring financial accounts closely and taking other steps to protect themselves against strangers who may know everything from the city where they were born to their debit card security codes.

The data: The United States does not have one big, public database that lists all known breaches, and few states run breach databases that provide national impact numbers. Because Maine and Indiana are two states that do provide national impact figures, we relied heavily on their breach report databases. We included national investment companies, money center banks, life insurance and annuity issuers, retirement services providers, distributors, support services companies, and companies in some other sectors that have become key components of the financial system. We excluded health insurers and regional banks, and we combined all of the many companies affected by the Cl0p ransomware group's attack on the MOVEit file transfer system, which affected an annuity holder and pension plan participant tracking firm's efforts to help clients locate their customers, in one entry. Progress Software, the company that runs the MOVEit system, has emphasized that it took steps to address the MOVEit system vulnerability the instant it learned of the vulnerability.

The attacks: The attacks included traditional system hacking; phishing, or efforts to extract system access information from authorized users; and credential stuffing, or automated moves to see whether stolen passwords that work on one system might work on another.

© 2024 ALM Global, LLC, All Rights Reserved.

Allison Bell

Allison Bell, a senior reporter at ThinkAdvisor and BenefitsPRO, previously was an associate editor at National Underwriter Life & Health. She has a bachelor's degree in economics from Washington University in St. Louis and a master's degree in journalism from the Medill School of Journalism at Northwestern University. She can be reached through X at @Think_Allison.