
Constella Intelligence Research Finds Rampant Cyber Breaches for Top Fortune Global 500 Financial Services Companies


Following the release of Constella Intelligence’s 2021 Identity Breach Report, we have compiled additional findings on exposures, leakages, and cyber breaches within the financial services (finserv) sector in this industry-specific report. It focuses on employees and executives of the top 20 finserv companies on the Fortune Global 500 list and covers data from January 2018 through September 2021.

Our research directly focuses on exposures related to the corporate credentials of employees and executives at the companies analyzed. 

Finserv companies have become an increasingly attractive target for threat actors throughout the pandemic and certainly will continue to be targeted in the post-pandemic period, for a few key reasons.  

First, to enhance multichannel customer experience, companies in this sector store and use significant volumes of sensitive user data. Next, to accomplish the holistic customer experience that partly defines much of the competition in this sector, an enormous range of applications, digital programs, devices, and infrastructure have been rolled out, creating a wider attack surface for cybercriminals to infiltrate. And finally, experts predict that finserv’s distributed remote work trend is here to stay.

A McKinsey analysis published in late 2020 concluded that the finserv sector has the greatest potential to maintain remote and hybrid work models, noting that over three-quarters of employees’ time can be used productively outside of the office with no effective loss in productivity. Coupled with the fact that (according to IBM’s 2021 Cost of a Data Breach Report) the industry has the second-highest total cost of a data breach, in part due to immense regulatory and legal frameworks for consumer protection, unique vulnerabilities exist for companies operating in this sector that should be heeded.

Our findings show that among the top 20 global finserv companies, exposed employee credentials are rampant. The proliferation of personal data and corporate credentials is a ticking time bomb as threat actors’ tactics become increasingly sophisticated and attack surfaces continue to expand.

 “Left unchecked, this exposed data spells serious digital risk for financial services companies of all sizes,” said Constella’s VP, Threat Intelligence, Sean Tierney, who has worked in various cyber threat roles for companies such as Morgan Stanley, JP Morgan Chase, and UBS. “It may seem that major institutions are too large to be seriously affected by cyber threats, but that is far from the case.” 

As experts in digital risk protection, cyber intelligence, and cybersecurity continue to proactively track and analyze cybercrime targeting the industry, it is important to raise awareness regarding the principal points of attack. With increasing intensity, threat actors are exploiting vulnerabilities via the personal information of employees and executives. This report explores the ongoing digital threats finserv organizations face while highlighting the prevalence of exposures, leakages, and breaches related to the corporate credentials of executives and employees. 

Key Findings 

  • We identified over 3.3M exposed records from nearly 6.5K breaches and leakages between 2018 and 2021 across the top 20 Fortune Global 500 Financial Services companies analyzed. The research demonstrates a continuous increase in the number of breaches and the volume of records exposed for the top 20 FinServ companies since 2018. Moreover, around 22% of total breaches and 27% of total exposed records identified since 2018 occurred in the first nine months of 2021.
  • Two-thirds of breaches and leakages where employee credentials in the FinServ sector were exposed since 2018 include PII, with the most common attributes being email (100%) and password (72%). Exposed PII later sold or dumped in deep and dark marketplaces fuels the threat economy. With this data, cybercriminals can execute a wider range of sophisticated attacks targeting employees, executives, and brands including phishing, account takeover, ransomware attacks, impersonation and coordinated disinformation campaigns. Consistent with trends identified in Constella Intelligence’s 2021 Identity Breach Report, 68% of passwords exposed are plaintext or are using a weak algorithm such as MD5 or SHA1. 
  • Finserv sector employees are incurring serious risk by using corporate accounts to register on entertainment, news, retail, gaming, and other technology and services sites. Usage of corporate credentials on these types of sites can indicate a lack of cyber hygiene and increase the attack surface of organizations, making employees a key vulnerability and attack vector. 
  • Seven in ten C-suite executives profiled from Fortune Global 500 Financial Services companies have had their corporate credentials exposed in a breach or leakage since 2018. Of those executives exposed, 98% have been exposed in breaches that include PII, and over 40% had their passwords exposed. 


What Can Be Done to Protect Employees and Businesses?

  1. For all organizations, it is important to ensure that proper security and password protocols are adhered to no matter where employees are based, as threat actors aim to take advantage of the risks engendered by new hybrid and remote work models introduced due to the COVID-19 pandemic. 
  2. The more websites a corporate email address is used on, the more likely it is that an employee’s information could be exposed, and that exposure can provide threat actors with better access to both the employee’s work credentials and the company’s systems. Keeping professional accounts separate from personal uses is an easy way to protect employee credentials and company systems.
  3. It is imperative that companies safeguard individuals with privileged access to corporate networks and critical infrastructure. Constella Intelligence’s report demonstrates the vast volume of sensitive employee and executive corporate credentials that are in circulation due to exposures and breaches.  
  4. It is critical that employees recognize the implications of their corporate information being exposed on the Internet. Changing passwords frequently, not reusing passwords, limiting sharing of personal information on public social platforms, applying customized privacy settings, and using multi-factor authentication are some of the ways employees can proactively protect their data. 


Article written by Jonathan Nelson, Digital Intelligence Specialist at Constella Intelligence


Learn More About Your Organization’s Risk Exposure 

Executives and key employees like privileged IT personnel and HR are the new attack vector for cybercriminals as they have top-tier access to sensitive information which can lead to credential theft, account takeover, and a ransomware attack. Surprisingly, most organizations do not recognize a need for employee protection – until it’s too late. Constella Employee Protection helps organizations rapidly identify and remediate threats targeting 1000s of key employees at scale with real-time monitoring, and automated early warning alerts when credentials have been exposed. 

Read the full Finserv Exposure Report to learn more.  

Try our Exposure Risk Tool to see if you, your company, or your employees have been exposed – FREE.