Blog

Data Breaches in 2019 – A Year in Review

James Efron
December 31, 2019
5 minutes read
5488

Stepping into 2020, the year 2019 has been on the rollercoaster in terms of security breaches. Data breaches continue to make headlines all across the globe. And with every passing year, there has been a significant increase in the numbers. No matter what the size of an organization is, no business is too small or large to fall victim to a data breach.

Every industry whether healthcare, financial or e-commerce, is equally immune to threats and attacks. The increased security breaches make it evident that attackers are able to circumvent the defensive measures put in place. Entering into the fourth industrial revolution, data is the new currency. Regardless of the type of organizational data, it is always useful for the attackers.

Factors Fueling Data Breaches

To say the year 2019 has been a year of data breaches won’t be an understatement. During the first nine months of 2019, around 7.9 billion records have been compromised according to Risk-based Security Reseach and are expected to be 8.5 billion in the whole year. As per statistics, these numbers are up 112% as compared to mid-year 2018.

The data exposed included the personally identified information (PII), email addresses, passwords, bank account information, social security numbers, etc. This increased ratio of data breaches is raising serious concerns for businesses. It is important to know what’s causing the rise in data breaches. Here are the core three drivers

1. Excess Information to Steal

When a robber was asked why he robbed a bank, the reply was “because that’s where the money is.” The same is the situation with increased data breaches; since there’s more information to steal. Living in the digital era, businesses actively rely on cloud technology and data banks to conduct business operations and store valuable information.

The stored information not only includes business data but also the consumers’ information. This data holds a crucial value in the digital world, not in just terms of personalized marketing. In fact, the consumers’ data is sold on the dark web for criminal and fraudulent gains. To access this data, hackers and cybercriminals are extensively working hence resulting in data breaches.

2. Technology Facilitates Hacking

While the advancement of technology is shaping the business industry, it is also being misused by the bad boys out there. Technological innovations have made it easier for hackers to use specialized hacking tools to target businesses and individuals. Through automated attacks, for instance, brute force attacks, keylogging, dictionary attacks, etc., hackers are getting successful in breaking into the businesses and gathering the valuable data stored.

The exploited data often leaves the victims vulnerable to identity theft, account takeovers and other digital frauds. Moreover, the business’ reputation is ruined and they fall under strict regulations hence held liable for compliance violations.

3. The Crime of Opportunity

Hacking and data breaches often considered as the crime of opportunity because of people being careless about security. Upon investigation of the breaches, multiple reports highlight the slack handling of data and inefficient security practices as the core reasons for data breaches.

While the attacks on renowned and large cooperations are disclosed and receive media coverage, the small organizations are often ignored. It makes the smaller businesses to be under greater risks because even they contain more valuable data yet have poor security measure than large firms.

data breaches 2019

Tips to Prevent Data Breaches

Considering the above mentioned first two drivers, there is nothing much business could do. Abandoning the technology to go back in time is not possible right? But what you can do is just take some precautionary measures, follow security practices and consider technology solutions to reduce the vulnerability and threat to attackers. Some of them are:

Update your Software

Non-updated software can prove to be fatal for an organization because it opens up backdoors for hackers to exploit the system. Make sure all of your software are always up to date and protected. Sometimes, the new updates contain the latest patches to protect possible threats and address the previous loopholes. Hence, it’s important to install updates timely. The failure to do so can make your operating system vulnerable to data breaches and other malicious viruses.

Practice Advanced Authentication Methods

Passwords have always been the primary line of defense against hacking. But the technological advancements have made passwords an inefficient authentication method. Through phishing and brute force attacks, breaking a password is no more of a difficult task. Businesses need to pay attention to their authentication checks. Most of the time, data breaches are influenced by a company insider.

Integrating the advanced authentication checks such as AI-powered face verification and ID verification can protect unauthorized access to the companies data.

Educate your Employees

According to IBM, the average time to recognize a data breach in 2019 was 206 days. The reason is the lack of awareness among the company employees. Businesses need to educate their employees about online threats and how to protect themselves in the digital world. Moreover, it is the duty of organizations to ensure that their employees clearly understand the practices hackers use to trick the employees and target companies, so that they can recognize signs of a data breach at initial stages.

Set Security Policies

The well-designed company policies are essential for the success of any business. While we are talking about data breaches, the company’s security policies must be put in place that must be made mandatory for every employee to follow. For instance, since many employees use personal mobile phones at their work station, the security guidelines for the usage of devices can be set.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Recent Posts

Blog
Corporate Transparency Act - The Road to Better AML Compliance
Factors Fueling Data Breaches
Tips to Prevent Data Breaches
According to the latest reports, the United States ranked number 1 for not complying with the anti-money laundering regulations. Around 12 penalties were imposed on the US banks and Goldman Sachs had the highest fine of €3.30 billion (USD 3.90 billion). Given the rise in money laundering activities in the US, the Corporate Transparency Act was structured. Recently, the Senate has passed the act. Financial institutions of the United States have until January, 2022 to report to FinCEN according to the updated laws. Once the Act is in action, the US companies have to report their Ultimate Beneficial Owners (UBOs) to the Financial Crimes Enforcement Network (FinCEN). In 2022, new Limited Liability Corporations (LLCs) have to report their UBOs and any changes in the beneficial owners will be reported as well. However, any corporations formed before the effective date will have two years for reporting to FinCEN. Let’s dive deeper into the corporate transparency act and how can companies efficiently comply with it.

Read more: Record-Breaking Fines on Banks for KYC/AML Non-Compliance

What is the Corporate Transparency Act?

The Corporate Transparency Act (CTA) directs the FinCEN to maintain a national record of all the ultimate beneficial owners (UBOs) of companies within the US. Any changes in the UBOs must be reported too. The Act focuses on eliminating the shell companies that facilitate money laundering and terrorist financing.
Requirements for Corporate Transparency Act

As per this Act, the term beneficial owner refers to anyone who owns 25% or more equity share, has some substantial control over the company, or receives benefits from the company’s assets. Therefore, verifying these stakeholders is essential for the company.

FATF’s recommendations for best practices on beneficial ownership for legal persons have been best categorised in the Corporate Transparency Act of 2019. According to this Act, companies have to provide the following information about the ultimate beneficial owners to FinCEN.

Complete legal name of the owner

Owner’s date of birth

Current residential or business address

Unique identification number as on the passport, driving license, or the ID card

The company has to submit an annual report of the current UBOs and any changes in the previous year’s owners to FinCEN.
Current Scenario of the CTA

According to the current situation, some sections of the Act need more clarification and specifications to address minor details. The Corporate Transparency Act has not clearly defined beneficial owners as direct or indirect substantial controlling authorities. Any failings in the Act can lead to more challenges for businesses and violations of the Act will lead to heftier penalties.

Anyone who assists in the creation of legal entities like attorneys will be monitored. Previous iterations in the Corporate Transparency Act categorised formation agents as financial entities and made them subject to the AML and reporting obligations of the Bank Secrecy Act. In the current version of the Act, references to formation agents have been removed. However, the rulemaking authority given to the Department of Treasury can expand requirements for business. This will ultimately broaden the scope of potential criminal liability.

Next Steps for the Financial Institutions

Until long-term actions have been decided, here are some short-term actions that must be considered by form corporation and entities:

Assess if your company has reported the beneficial ownership requirements according to the Corporate Transparency Act or not.

Create a checklist of the reporting requirements

Under the Act, every beneficial owner must be identified

Endorse all identity verification documents of every individual that is considered as a beneficial owner

Plan renewal in case of expiration of the documents of UBOs

There must be a risk ranking system that account for variables like country of origin, service provided, and categorize the levels of risk within relationships

A “trust-but-verify” approach must be leveraged if any of the information raises red flags suggested by FATF

There must be a sound process for keeping the reporting mandates in touch. This includes the people responsible for collecting information of beneficial owners and filing with FinCEN

Annual monitoring for tracking compliance is important

Sufficient resources must be allocated for better compliance with the new filing obligation

Penalties for Non-Compliance with Corporate Transparency Act

The CTA has announced hefty penalties for any company that does not comply with the regulations. According to the Act, USD 10,000 must be paid as civil penalties. Furthermore, criminal fines and up to three years of imprisonment have also been announced. In order to comply with these regulations and avoid any fines or penalties, it is better that the US-based companies employ Anti-Money Laundering (AML) screening.

With the help of AML screening, organisations verify all the stakeholders and any high-risk customers can be identified before they become the company’s problem. This screening cross-checks the identity of the person with numerous sanction lists. Lastly, enhanced due diligence checks are also an option that can help your company comply with the regulations.

Summing It Up

The rise in criminal activities has led to amendments in Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. The new laws are designed to make customer due diligence and identity verification measures as rigid as possible. Criminals should not be allowed to surpass these checks at any cost, and better laws can help companies in this regard. The Corporate Transparency Act (CTA) will be active in January 2022 and businesses have until then to report FinCEN about their Ultimate Beneficial Owners. USD 10,000 civil penalties, criminal penalties, and up to three years of imprisonment is the punishment if any organisation fails to comply with CTA.

The purpose of Corporate Transparency Act is to combat money laundering and terrorist financing. With the help of Anti-Money Laundering screening, companies can ensure enhanced due diligence of all the customers. It will not only help onboard the right customers, but it will also assist your company in better compliance with CTA.
Multi-layered identity verification and background screening of beneficial owners is now inevitable for the US finance sector. All risky entities will be highlighted and reported timely, reducing the risk of money laundering and terrorist financing in the USA.

Want to know more about automated AML screening? Talk to our experts.
Talk to us

Data Breaches in 2019 – A Year in Review