How banks can fight the rising tide of data breaches in 2025

What you need to know:

• Hackers were allegedly able to bypass Coinbase’s defenses by bribing contractors or employees outside the U.S.
• James Papa, an IT expert, is suing Deutsche Bank and former employer Computacenter over alleged whistleblower violations.
• The beach at the Office of the Comptroller of the Currency happened due to a vulnerability in a high-level user account.

The evolution of banking technology has opened new doors for threat actors to steal customer data and hold it ransom for multimillion-dollar sums. But between the rising costs of combating these incidents and fewer cybersecurity experts to fight them, what can bankers do to shore up their defenses?

For a start, many trade groups are working together to prolong the Cybersecurity Information Sharing Act of 2015, which promotes the sharing of cyber threat information between companies or with U.S. agencies such as the Department of Homeland Security or the Treasury.

Legislation like this has helped reduce hacking frequencies among banks, but new techniques make total defense a moving target.

In the fifth annual data threat report from the global information technology firm Thales, the company polled more than 3,100 professionals in security and IT management from across the globe on worldwide trends in data security, cloud adoption, compliance and security strategies.

Malware has remained the top attack type on the rise since the debut of the report in 2021, but it wasn’t until this year that phishing replaced ransomware as the second-fastest growing technique by hackers. External hackers classified as hacktivists, those who breach data systems for political or social reasons, are the top threat actors for 2025 among respondents.

Among areas of security tech investment, Information-as-a-Service cloud security took the top spot among 31% of respondents, 14% of whom rated it a top priority. Nine percent ranked it second-highest priority and 8% put it in third.

Companies are steadily gaining ground too. In 2021, 73% of enterprises that had failed a recent compliance audit had a history of one or more data breaches, while 41% of those that passed an audit had suffered a breach in the past. This year, those figures spread further apart at 78% and 21% respectively.

“We really started to see that trend last year, and it was something we highlighted in the previous report that it’s good to see continuing into this year,” Todd Moore, vice president of data security products at Thales, said. “Even though you pass a compliance audit, it doesn’t mean you’re not going to get breached, but there’s definitely a good chance that you’re putting the best practices in place to protect yourself from a security perspective.”

Read more: FS-ISAC report warns of rising fraud and supply chain risks

While it might seem like cyberattacks are commonplace, security experts worry that financial institutions could become complacent and see them as just the cost of doing business.

“Because employees are constantly inundated with news covering major data breaches, they are beginning to think that they’re no big deal, when in reality, we have seen the real-world impacts on businesses’ bottom line,” said Max Vetter, vice president of cyber for the United Kingdom-based cybersecurity firm Immersive. 

“Many organizations, including large enterprises and financial institutions, become so preoccupied with tracking emerging threats that they overlook the basic things like patching known vulnerabilities, securing credentials, enforcing multi-factor authentication and training staff to spot social engineering attempts,” Vetter said.

Hackers who catch the banking industry off guard are more often using artificial intelligence, with deepfakes being a particular sticking point for standardized methods of fighting fraud.

Eder Ribeiro, director of global incident response for credit bureau TransUnion, said threat actors are using AI in three ways: to create more convincing scams/online profiles for social-engineering attacks; to discover faster methods to exploit network vulnerabilities; and to combine “jailbroken” publicly available models with custom-made ones as the driving force behind spear-phishing attacks.

“Armed with new tools and more experience exploiting the human attack surface specifically, threat actors are scaling their criminal efforts to attack more victims with less effort,” Ribiero said.

Read more: Bad bots are taking over the web. Banks are their top target

Banks are starting to double down on improving cybersecurity defenses in the wake of these breaches, whether it’s Capital One’s efforts to eliminate employee passwords or Lloyds Banking Group’s patent for an AI-powered threat detection system.

“The barrier to entry has dropped, and a single actor with the right tools can now launch sophisticated campaigns that once required an entire team,” said Dr. Darren Williams, founder and CEO of global cybersecurity firm BlackFog.

Below are noteworthy cybersecurity breaches that hit the banking industry in recent months, and expert insights into how others can better protect themselves.

Coinbase breach is a stark reminder of cybersecurity importance

Cybersecurity threats are evolving in lockstep with the growth of new technologies and techniques, keeping hackers one step ahead of their victims. The recent incident at crypto exchange Coinbase is the latest example of how hacking attempts come in all shapes and sizes.

Unnamed threat actors breached Coinbase’s defenses by allegedly bribing contractors or employees outside the U.S. who occupy support roles within the company to access information about customer accounts, as well as internal documentation covering customer-service and account-management systems.

Current estimates for how much the hack will cost Coinbase, which include reimbursement for customers that fell victim to threat actors and remediation costs, range from $180 million to $400 million, according to the company’s May 15 8-K filing with the Securities and Exchange Commission. 

“The Company plans to aggressively pursue all remedies. … As the Company’s investigation is ongoing, the full impact of these events are not yet known,” the filing said.

Read more: Coinbase breach highlights insider threat risks for financial sector

Aspire USA’s hack impacts more than 161,000 customers

Aspire USA, a software provider for money service businesses, fell victim to a hack that affected the personal information of more than 161,000 consumers.

Valsoft and AllTrust, the parent companies of Aspire USA, reported that the incident was discovered on Feb. 14 of last year and determined that an unnamed user was able to successfully transfer data outside of the organization between Feb. 12 and Feb. 15. Despite working with outside cybersecurity experts, Aspire USA couldn’t determine which files were affected or publicly state the vulnerability leading to the incident.

“The information that could have been subject to unauthorized access includes name, Social

Security number, driver’s license number and financial account information,” according to a notice sent to impacted individuals in Maine and the state’s attorney general.

Read more: Data breach at check casher’s vendor affects over 161,000 people

Fired Deutsche Bank whistleblower sues, alleging retaliation

James Papa, an IT expert, filed a lawsuit against his former employer Computacenter and Deutsche Bank over allegations of retaliation following problematic behavior from a coworker.

The lawsuit claims that while Papa was employed by the IT firm on contract for Deutsche Bank, he flagged behavior from a coworker in 2023 wherein the named employee was bringing his girlfriend, known only as Jenny, into the bank’s tech rooms containing computer servers with confidential information. 

Further claims in the suit allege that Jenny is a “Chinese citizen with significant computer expertise” who left the country after a second set of incidents later that year along with the employee who granted her access.

Papa’s complaint hinges on purported violations of New York State’s Whistleblower Protection Law and alleges a conspiracy to cover up security failures. He is also suing Marc Senatore, a vice president at the bank who was his direct supervisor.

Read more: Deutsche Bank contractor allegedly brought girlfriend into data center

OCC suffers major cybersecurity breach

On April 8, the Office of the Comptroller of the Currency reported that highly sensitive information from a bank regulated by the agency was exposed through a data breach.

The Feb. 11 hack occurred due to a vulnerability in a high-level user account with administrative privileges over the OCC’s email system and was caught when unusual user activity between a system administrator and staff mailboxes was detected by the OCC’s internal processes.

“I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,” said Rodney Hood, acting chairman of the OCC. “There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.”

Read more: OCC falls victim to major cybersecurity breach

Western Alliance Bank’s data breach hits 22,000 victims

Western Alliance Bank in Phoenix, Arizona, reported that from Oct. 12 to Oct. 24 of last year, the personal information of more than 22,000 consumers was exposed through a third-party vulnerability.

The bank discovered the incident earlier this year, relaying to the Maine attorney general that information involved in the breach included names, Social Security numbers, dates of birth, financial account numbers, driver’s licenses, tax identification numbers and passports. The vulnerability was located in the vendor’s secure file transfer software.

“There has been no material impact to business operations or the company’s financials, and we are reviewing existing policies and implementing additional safeguards to further secure the information in our systems,” the bank said in a statement.

Read more: Data breach at Western Alliance Bank affects 22,000 people