I’ll ask a simple question to start: Why is protecting a customer’s PII (Personally Identifiable Information) so darn hard?
Bad actors are at it again. Well, frankly, they’re always at it. But what seems to be different lately is not just the increasing frequency of attacks, but the “take,” as well. Take these two most recent data breaches: Live Nation/Ticketmaster and the debt collection agency Financial Business and Consumer Solutions (FBCS).
First, Live Nation. Just recently, Live Nation confirmed in a regulatory filing with the U.S. SEC (Friday, May 31) that its subsidiary Ticketmaster had suffered a data breach. The filing stated that on May 20, the company noticed “unauthorized activity” within a database that contained “company data” and subsequently “launched an investigation with industry-leading forensic investigators to understand what happened.” The filing went on to describe that on May 27, a “criminal threat actor” offered to sell what it alleged to be Ticketmaster data on the dark web.
Apparently, the “criminal threat actor,” according to a June 2 Time magazine article, claimed to possess a “1.3TB database of compromised customer data, which it claims includes names, addresses, phone numbers, and credit card details of 560 million users.”
That’s a lot of users. And what has Ticketmaster offered its customers? The article goes on to say that “in the aftermath of this breach, Ticketmaster users can protect themselves by staying vigilant against phishing attempts, monitor accounts and credit cards, and change passwords, using strong and unique alternatives.” That’s great. I’m staying vigilant. Now, what are YOU, Ticketmaster, going to do??
I remember receiving similar “good news” when an institution with which I’d been doing business notified me that some of my PII had been exposed in a security breach. I can’t say I was very pleased when I was told that I now qualified for one year (imagine that, a whole year!) of free credit reporting so that, and I’m paraphrasing here, “I could check on my credit report regularly in order to spot any ‘irregularities.’” First, hardly helpful and second, is that the Poster Child case of closing the corral gate after the horses have already run off, or what? Needless to say, I have bid a not-so-fond farewell to that provider, never to return again.
Do we have enough time for yet another unbelievable data breach sob story? We’ll make time because this, too, is a real doozy. In late February, Financial Business and Consumer Solutions, Inc. ("FBCS") discovered a data breach in which, over the course of 12 days (can you believe that?) between February 14 and 26, hackers stole the PII of nearly 3.2 million individuals. And that PII wasn’t simply some phone numbers and email addresses. No, hackers got away with proprietary customer info that included account information, dates of birth, driver's license numbers, ID card numbers… and to top it off, full names and social security numbers.
As if that weren’t enough to put certain folks in jail, it wasn’t until April 26 that FBCS began sending out data breach letters to anyone who was affected by the breach. By then, you could just be learning that you borrowed $143K for a Mercedes G-class SUV.
What did FBCS do in response? Tell me they didn’t offer those affected individuals free credit reporting. Unfortunately, that’s exactly what they did. Yes, according to the Time article, “FBCS is providing access to free credit monitoring services for 12 months through CyEx for those individuals whose personal information was potentially affected by this incident. CyEx is a tech that specializes in assisting insurance companies, law firms, settlement administrators, and company owners in responding to data breaches.” Well, thank goodness for that. It’s reassuring to know that my free credit reporting agency specializes in assisting law firms.
What is all this leading up to? It doesn’t matter who you are, but if you’re a bank, this is particularly critical. As Shakespeare said “get thee to a cybersecurity solution.” What steps can you take to get there? Here are a few suggestions:
Maintain a robust IT team: Cybersecurity threats aren't just about outside hackers; human error within your company can be a big risk too. Financial institutions need to cut down on mistakes that could lead to data breaches, big fines, losing customers, and damaging your brand. How? By educating your employees, creating a security-first culture, and setting up processes that minimize human error.
To add to the challenges, there’s been a constant shortage of cybersecurity talent, which is a growing problem as cyberattacks increase. To tackle this, improve your data breach prevention strategies by not only beefing up your cybersecurity solutions but also by partnering with managed cybersecurity service companies to strengthen your IT team.
Secure those endpoints: With today's hybrid workforce, every remote location and user acts as an endpoint, a potential entry point for cybercriminals. These endpoints need to be tightly monitored, especially when using data sharing tools like DropBox® and OneDrive, which can increase security risks.
Watch your vendors closely: More than 60% of data breaches come from compromised third-party vendors. It's crucial for financial institutions to regularly assess the cybersecurity risks of their vendors to identify any vulnerabilities.
Go beyond with a “perimeter-less” solution: Traditional security solutions like email scanners, firewalls, and web gateways are common in a bank’s tech stack, but … with the increasing sophistication of cyberattacks, these alone aren't enough. Because most are designed to address more “traditional” attacks, they often miss new malware strains. The answer? Implement a perimeter-less approach, where every user and device is authenticated and validated before accessing any system or data. Using AI-driven endpoint response and detection tools can help proactively block and isolate threats like malware and ransomware, adding an extra layer of security to prevent data breaches.
What's next?
Don’t find yourself on that continually-lengthening list of financial services industry organizations that lose data, then face burdensome fines, irreparable reputational damage and customer attrition. Take steps to ensure that your data is safe, secure, and properly managed. Remember Meta’s $1.3 billion fine? As always, I welcome your thoughts.