As the adoption of the internet and mobile devices grows, the world becomes more interconnected. Although financial services certainly lagged behind other services in terms of their migration to the digital realm, in developed countries, accessing financial accounts via digital means is now mostly the norm. Most would agree that digital adoption is a positive development: it saves both time and money. However, an unfortunate byproduct of the growing use of the internet is increasing in data breaches. Data breaches are becoming more common and pose a real threat to consumers that are unaware that their information has been compromised. The information that gets revealed during data breaches is often very sensitive and includes full names and social security numbers, which can then be used to steal people’s identities which is then used to open financial accounts. Victims of identity theft discover that they’ve had financial accounts opened and new credit drawn unbeknownst to them – a common consequence of this is impacted credit scores, which has many negative consequences. Being aware of data breaches is an important first step consumer can take to protect themselves. These are the five biggest data breaches so far in 2022.
Block / Cash App Breach
In April 2022, Block, Inc. announced that it had determined that a former employee of the company had downloaded customer information from Cash App. The employee had regular access to customer information as part of their duties but continued to have this access after their employment ended. The scope of the breach was revealed to be quite significant: potentially, as many as 8.2 million currents and former users of Cash App were affected. The exposed information included users’ full names, their brokerage account numbers, brokerage portfolio value, and holdings. Fortunately, Block Inc. believes that usernames, passwords, social security numbers, and the date of birth of users were not included in the information that was exposed as part of the breach.
Texas Department of Insurance Breach
In March 2022, the Texas Department of Insurance (TDI) provided a notice that they had discovered a security issue with one of their web applications that managed workers’ compensation information. The issue was a programming code error which allowed users to gain access to a protected area of the application. Personal information about 1.8 million workers that had filed compensation claims would have been accessible online to the public from March 2019 to January 2022. The information includes social security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries. The TDI sent out notices to those that were affected but claimed in March that there was no evidence to date of misuse of information.
Flagstar Bank Breach
This is perhaps one of the scarier breaches to have occurred so far in 2022. Flagstar Bank is a bank in Michigan with more than $23 billion of assets, making it easily among the largest banks in the country. The bank announced on June 22, 2022, that hackers had stolen the personal information of 1.5 million of the bank’s customers. The bank believes that the hackers were able to access the customer’s social security numbers. The bank has been notifying affected individuals by U.S. mail. Data breaches of banks are rare but noteworthy given how much sensitive information consumers entrust banks with.
Crypto.com is one of the largest cryptocurrency exchanges in the world and announced in January that hackers had broken into the wallets of 483 of its users, enabling them to steal more than $30 million from the users. The funds include $18 million in bitcoin and $15 million in Ethereum. Amazingly, the hackers appeared to have been able to bypass a two-factor authentication system – which is a very popular security measure taken to protect accounts – in order to access the wallets. Fortunately, Crypto.com revealed that they had reimbursed affected users.
Shields Health Care Group Breach
The one area that is perhaps even more sensitive than financial information is healthcare. Shields Health Care Group, which operates more than 30 facilities offering health care services across the New England region, announced in June 2022 that they were alerted of suspicious activity on March 28, 2022, involving data compromise. They learned that an unknown actor had gained access to certain of Shield Health Care Group’s systems between March 7, 2022, and March 21, 2022, and also that certain data had been acquired by the unknown actor within that same timeframe. The type of information that was compromised includes customers’ full names, social security numbers, date of birth, home addresses, provider information, diagnoses, billing information, and insurance numbers. Shields Health Care Group plans to notify impacted individuals once they have fully reviewed the impacted data.
Data Breaches Are Now Commonplace
The reality is that data breaches are now a common occurrence in society. We can be hopeful that companies will improve their security systems over time, but it is unrealistic to expect data breaches to stop occurring in the future. Consumers instead can accept that data breaches are now a part of everyday life and enact measures to protect themselves. This includes regularly monitoring your credit reports by using free tools such as Credit Karma and Annual Free Credit Report, and also by paying attention to notices about data breaches.