The Biggest Cyberattacks on the Financial Services Industry

The financial services industry is one of the most targeted out of all industries for cybercriminals. It is the most lucrative industry for cybercriminals to attack, which is why it is the most important to defend. These are a few of the biggest cyberattacks in recent years.

The Capital One Data Breach

In March of 2019, a hacker gained access to the Capital One server by a misconfigured firewall. The hacker could access credit card applications all the way back to 2005. It took Capital One 4 months to detect the breach. In July of 2019, Capital One found that a former tech worker gained access through the vulnerability and had been stealing data since March.

What was exposed?

According to Capital One, 140,000 social security numbers and 80,000 bank accounts were leaked in the United States. Over 1 million Canadian social insurance numbers were also exposed. The exposed data cost Capital One, hundreds of millions of dollars in damages.

How they could have prevented it?

Experts agree that this attack was very preventable if Capital One had correctly configured their firewall and ensured there were no vulnerabilities. A cybersecurity program like Ostra helps prevent data breaches by always running seamlessly in the background and protecting all digital entry points. Ostra detects and responds immediately to any threat.

The First American Financial Corporation Breach

Last May, the website for First American Financial Corp. was breached by hackers. The breach occurred due to an error in the backend of their website, specifically in the document management system, making it easy for any hacker to access. Being a financial company, their servers are full of private and extremely sensitive information dating back years.

What was exposed?

It is reported that the data breach exposed over 885 million financial records related to real estate deals. All the way back to 2003, that’s 18 years of sensitive information. These documents were made viewable to absolutely anyone. The leaked documents included emails, phone numbers, names, addresses, and financial information.

How could they have prevented it?

Penetration tests conducted by First American found this vulnerability in 2018 but failed to prioritize the fix for it. The company failed to patch any weaknesses, and they really paid for it. Not only did this breach cost them millions in damages, but they could be facing steep fines for rule violation by financial regulators. First American could have prevented this issue if they acted immediately instead of waiting to secure their weak spots. Websites are a huge vulnerability for the financial services industry, as they are the gateway to data breaches like this one.

Ostra’s cybersecurity solution can prevent weak spots from being exposed. Ostra allows systems to update & patch automatically with no business interruption or end-user engagement needed.

Want to find out more? Visit or contact us today at