There is no doubt that the banking industry is one of the industries most vulnerable to leaks of personal data. Any client of any bank in the world takes banking secrecy very seriously, and therefore data leakage can destroy the business and shake up the entire banking system.
A person can solve the issue of data security on their devices by coming up with a reliable username and password, installing an antivirus, or becoming completely anonymous on the Internet (a similar function is provided on free VPNs that are 100% safe for customers of any online bank). But global data leaks can really pose a serious threat.
Table of contents
Here are recent examples of high-profile leaks of banking card data that pose a threat not only to the common people but also to the entire global banking system:
Joker’s Stash: South Korea and the USA banking data breach
The most recent example of global data leakage is the shocking event of last year when Group-IB specialists found a database on the Joker’s Stash banking card resource containing data from 397,365 credit and debit cards issued by banks and financial organizations in South Korea and the United States.
The dump, uploaded to the network on April 9, 2020, was estimated by the seller at $ 1,985,835, or about $ 5 per entry. At the same time, the seller claimed that the database contains information about 30-40% of the valid cards.
The detected dump mainly contained data about the “second track”, that is, information stored on the card’s magnetic stripe, which includes the bank identification number (BIN), account number, expiration date, and may also include the CVV. The data of the second track is used for transactions for which the user needs to physically present the card. That is, theft usually occurs using an infected POS terminal, a skimmer in an ATM, or through compromising the seller’s payment system.
This is the largest sale of South Korean cards in 2020: 49.9% of the records (198,233) in the database belong to users of banks in this country. The fact is that data on bank cards of South Korea is a very rare commodity on the Dark Web. The last major dump from this country appeared on sale at the end of 2019 and also caused a lot of trouble to the reputation of the financial system of South Korea.
Leakage of 20 million personal records from the database of the Federal Tax Service of Russia
Last year, the British company Comparitech, engaged in research in the field of cybersecurity, reported that a database with the personal data of 20 million Russian taxpayers was publicly available.
It has been suggested that this data was leaked to the network by the Russian National Tax Service. The database had been online for more than a year and contained the full name, passport and contact details, ID, amounts of taxes paid, and bank details.
Capital One Data Breach
Not so long ago, as a result of the hacking of one of the largest US bank holdings – Capital One – the personal data of more than 106 million clients of this financial company was leaked into the Dark Web. A talented female hacker, Paige Thompson, was arrested on charges of this crime. In many ways, the arrest took place because the hacker herself did not hide her success and “boasted about a successful hacking on the Internet.”
DarkWeb got data on people who applied for credit card issuance in the period 2005-2019. And this is more than 100 million people in the United States and another 6 million users in Canada. The intruder gained access to names, addresses, zip codes, phone numbers, email addresses, birth dates, income information, as well as credit ratings, balance sheets, payment histories, and contact information of Capital One customers. However, information about users’ credit card account numbers for Thompson remained unavailable.
This data leak is one of the largest in banking history, and after it, many banks decided to radically revise their security policies.
Card data leaks are a real “plague of the XXI century” for the banking industry. The losses from them can only be compared with the losses from the conduct of military operations in the countries where the bank operates. Therefore, any bank needs to think through its own security system, protecting the personal data and accounts of its clients as much as possible.
The best way to do this can be the widespread introduction of complex DLP systems in the work of banks. A reliable DLP system allows you to reduce the number of data leaks by 3-4 times, and with a competent organization of work with it, even reduce it to zero. At the same time, the introduction of the DLP system, in addition to protecting the bank from leaks, allows it to solve many equally important tasks, also related to ensuring information security.