Worst Financial Data Breaches of 2021


Data breaches remain a challenge for financial organizations despite an increase in cybersecurity awareness and investment. This past year, 2021, has been particularly dire for cloud data breaches aimed at the finance industry, with incidents taking down networks for weeks at a time, disrupting business throughout the country, and in some cases closing down organizations.

To keep tabs on the organizations impacted by cloud data breaches, check out our Breach Watch, which has a complete list for this year. For anyone who needs a refresher on how things have gone, here is a small list of 2021 data breaches affecting the financial industry:

Financial Data Breaches of 2021

Organization: Reserve Bank of New Zealand

Date reported: 1/10/21

Number of individuals affected: 3 million individuals

What happened? The Reserve Bank of New Zealand suffered a data breach after actors illegally accessed its information through one of the bank’s third-party file-sharing services. 

Organization: American Express

Date reported: 1/5/21

Number of individuals affected: 10,000 individuals

What happened? A hacker posted data of 10,000 Mexico-based American Express card users on a forum for free. The information included full credit card numbers and personal information such as emails and addresses but did not contain passwords or expiration dates. In the forum post, the hacker also claimed to have more data from Mexican bank customers of Santander, American Express, and Banamex.

Organization: Morgan Stanley

Date reported: 7/8/21

Number of individuals affected: 3 million individuals

What happened? Personal data of some of Morgan Stanley's corporate clients was stolen in January in a data breach that involved a third-party vendor. Bad actors accessed information including Social Security numbers.

Organization: Bitmart

Date reported: 12/10/21

Number affected: $200 million

What happened? The incident was a ‘large-scale security breach’. Stealing a single private key was all it took for cybercriminals to haul away a whopping USD 200 million worth of cryptocurrencies.

Organization: Neiman Marcus Group

Date reported: 9/9/21

Number affected: 4.35 million customers

What happened? Neiman Marcus Group learned that unauthorized persons accessed the personal information of 4.35 million customers after an attack. According to the department store, approximately 3.1 million payment and virtual gift cards were affected, more than 85 percent of which are expired or invalid.

Organization: Robinhood

Date reported: 11/1/2021

Number affected: Millions of users

What happened? The trading platform said an “unauthorized third party” managed to get its hands on the PII of five million people or more.

Now this was just the beginning. Several of the breaches on this list were limited to information many would not consider sensitive by nature. While it’s good that companies are taking steps to protect their most sensitive data, it’s also important to remember that a leak of basic information could still be damaging to those who depend on your organization, especially your customers, and to your reputation. Plus, depending on the type of data breach, it could open the door to further access.

A strong theme throughout the breaches above is that they were discovered by third parties before the native security team. Outsiders will blow the whistle on a data breach after seeing hacker chatter, data for sale, and leaked credentials on the dark web. This means outsiders know you have a data leak before you do.

By identifying the mechanics behind the data breaches of 2021, enterprises can fine-tune their existing practices and assume a proactive stance toward eliminating data security risks.
