Digital Exposure Report Finds Widespread Cyber Vulnerabilities for Top 20 Fortune Global 500 Financial Services Companies

LOS ALTOS, Calif., Nov. 18, 2021 /PRNewswire/ — Today, Constella Intelligence (“Constella”), a leader in Digital Risk Protection and Identity Threat Intelligence, released their Financial Services Sector Exposure Report: 2018-2021 Findings and Trends. This report comes on the heels of Constella’s 2021 Identity Breach Report, and includes new and additional findings pertaining to exposures, breaches, and leakages within the financial services (Finserv) sector, specifically focusing on employees and executives from the top 20 Finserv companies on the Fortune Global 500 list.

This industry-specific report examines data from January 2018 through September 2021. By analyzing identity records from data breaches and leakages found in open sources, and on the surface, deep, and dark web, Constella Intelligence’s threat intelligence team identified 6,472 breaches or leakages and 3,367,059 exposed records related to employee corporate credentials from the companies analyzed. The proliferation and circulation of this sensitive employee data enables threat actors with the necessary resources to execute a wide range of cyberattacks, including ransomware, impersonation, phishing, account takeover, and several others.

Report Finds Widespread Cyber Vulnerabilities for Top 20 Fortune Global 500 Financial Services CompaniesPost this

“This report should be a wake-up call for every bank, insurance company, stock brokerage, credit card company, and financial institution that they are attractive and viable targets for cyber threat actors,” said Constella Intelligence CEO, Kailash Ambwani. “Companies and individuals must take new precautions to protect themselves from threats with high potential to target employees as a vector to inflict reputational and financial harm.”

Financial institutions are home to an individual’s most sensitive and personally identifiable information, and this report uncovers the widespread prevalence of breaches in the Finserv sector, detailing the serious damage than can be inflicted on customers, employees, executives, and brands.

Key Findings:

  • Constella identified over 3.3M exposed records from nearly 6.5K breaches and leakages between 2018 and 2021 from top 20 Global Fortune 500 Finserv companies analyzed.
     
  • Two-thirds of breaches and leakages in the Finserv sector since 2018 include PII, with the most common attributes being email (100%) and password (72%).
     
  • Finserv sector employees are incurring serious risk by using corporate accounts to register on entertainment, news, retail, gaming, and other technology and services sites.
     
  • 70% of C-suite executives profiled from Fortune Global 500 Finserv companies have had their corporate credentials exposed in a breach or leakage since 2018. Of those executives exposed, 98% have been exposed in breaches that include PII, and over 40% had their passwords exposed.

“Left unchecked, this exposed data spells serious digital risk for financial services companies of all sizes,” said Constella’s VP of Threat Intelligence, Sean Tierney, who has worked in various cyber threat roles for companies such as Morgan Stanley, JP Morgan Chase, and UBS. “It may seem that major institutions are too large to be seriously affected by cyber threats, but that is far from the case.”

Constella monitors social media and the surface, deep, and dark web for identity-related breaches and verifies the authenticity of those data sets. Click here to download the report.

Press Release