4 of the Biggest Data Breaches in Banking

Data breaches are more common than ever and are affecting banks all over the world.

data breaches are affecting more banks than ever
Shutterstock Photo License - Golden Dayz

Big data is causing a number of data breaches. Sadly, they often affect banks.

Banking is an important sector of the world. People use finances daily, but it doesn’t mean they are completely protected from data breaches. This article discusses four of the most significant data breaches in banking…

We put a considerable amount of trust in our banks. They hold our money and sensitive data. We expect banks to fulfil their duty and provide protection. But unfortunately, there have been historical moments where banks have faced impactful data breaches.

If you are a victim of your bank suffering from a data breach that has impacted you, you could be eligible to claim bank data breach compensation.

To learn more about four of the most significant data breaches in the banking sector and steps banks need to take to keep online data safe, keep reading…

1. Heartland Payment Systems

Heartland Payment Systems is an American-based payment process and technology provider. In 2008 they suffered a cyber incident which impacted more than 130 million debit and credit cards. Some of the compromised data involved credit card numbers, card expiration dates and cardholder names.

One of the threat actors responsible for the breach was Albert Gonzalez, who during the years of his computer hacking, stole more than 170 million debit and credit cards and ATM numbers. During the Heartland Payment System cyber attack, he had two accomplices help commit the crime. As a result of his actions, Gonzalez received a 20-year prison sentence.

The data breach incident against the company resulted in them losing hundreds of thousands of customers and an impacted reputation. Since the 2008 breach, Heartland Payment Systems suffered another data breach in 2015, when their Santa Ana, California office experienced a break-in.

2. Experian 

While we cannot consider Experian a bank, we felt this breach was significant enough to talk about, especially considering the company’s close relationship with the financial services and banking sectors.

Experian is an American-Irish company which is frequently used by corporations to process credit applications of individuals across the world, meaning it holds a considerable amount of personal data.

While a significant company like this would be presumed to have high levels of protection against data breaches, the well-known company has become a victim of many data breaches over the years.

One of their breaches, in particular, had a significant impact on their customers. It happened in 2020 when 24 million customers’ data was stolen after a South African employee fell victim to a threat actor by relinquishing a series of crucial, sensitive information. The data breach also impacted nearly 800,000 businesses.

Some of the personal information that was breached included:

  • Mobile phone numbers
  • Home phone numbers
  • Work numbers
  • Email addresses
  • Residential addresses
  • Places of work
  • Work addresses
  • Job titles
  • Job start dates

A year after the breach occurred, it was found that some sensitive data had been posted onto the dark web. This has since been deleted. 

This isn’t the first data breach Experian has suffered, with a recent incident in 2022 exposing 15 million users’ sensitive details such as names, addresses, birth dates, social security numbers, driving licenses and passport numbers.

3. 2016 DOS attack on Lloyds, Royal Bank of Scotland and Halifax

In 2017, a number of UK banking groups, Lloyds, Royal Bank of Scotland and Halifax, experienced a cyber attack that lasted for 48 hours.

During the incident, cyber criminals flooded the banking groups with millions of fake requests, which is known as a denial of service (DOS) attack. While no customer’s personal details were stolen in the cyber incident, each banking group was required to bring their systems to a halt to prevent the incident from escalating. 

Similarly, the Royal Bank of Scotland suffered the same type of cyber attack on its online services back in 2015, which lasted for 50 minutes.

4. Tesco Bank

In November 2016, 9,000 Tesco Bank users suffered a financial loss that occurred over a period of 48 hours. The total loss suffered during the cyber incident was £2.5 million but has since been refunded to all impacted customers.

Tesco Bank was fined £16.4 million by the Financial Conduct Authority (FCA) due to the failure to protect its customers from the cyber incident. This was after the FCA analysis of the matter determined the attack could have been largely avoidable.

Data Breaches Can be Daunting

What we can conclude from this article is that there is no doubt that being involved in a data breach can feel incredibly daunting. It can be worrying to think about what would happen to your personal details and particularly more so with financial details, but there are things you can do to protect yourself. For more information, take a look at Forbes’s guide to protecting your sensitive information.

How do you protect your personal data? Let us know in the comment box below.

Please be advised that this article is for general informational purposes only and should not be used as a substitute for advice from a trained legal professional. Be sure to consult a lawyer/solicitor if you’re seeking advice on data breach compensation. We are not liable for risks or issues associated with using or acting upon the information on this site.