Banks and Breaches: Cybersecurity in the financial sector
The financial services industry is continually one of most frequently targeted industries for cyberthieves year after year. The reason is not a difficult one to surmise as banks hold the money that all cybercriminals need. According to IBM, the average global cost of data breaches reached $4.88 million in 2024. The average cost of data breaches in the financial industry however is 22% higher than the global average at $6.08 million.
Financial firms have the second highest breach cost of any industry; only healthcare attacks were more expensive. However, flying under the radar of the big flashy financial institutions like Chase and Wells Fargo are Credit Unions. The everyday banks that serve more than 139 million Americans are facing an intense surge of attacks. From September 1, 2023 to August 31, 2024, federally insured credit unions which make up nearly 4,500 credit unions across the country, reported 1,072 cyber incidents.
What makes attacks on credit unions different from big bank attacks is the vulnerability of third-party vendors. Credit unions have become increasingly reliant on third party services to help meet consumers needs and stay competitive with the big banks. Cybercriminals have noticed this reliance and look to exploit this vulnerability. According to the National Credit Union Agency, incidents related to third-party vendors make up 73 percent of reported incidents.
What could happen
Connex Credit Union - In June 2025, cybercriminals breached company systems and made off with sensitive data of 172,000 customers. Connex is one of the largest credit unions in Connecticut with over 70,000 members and over $1billion in assets.
West Virginia Credit Union - Fairmont Federal Credit Union, which operate nine regional branches in West Virginia, reported a data breach back in September 2023. The bank sent notices to over 187,000 people that their data was breached by the notorious Black Basta ransomware group.
Trellance (Ongoing Operations) – In November 2023, ransomware attackers took down over 60 credit unions across the country by hacking their third-party service provider Ongoing Operations.
What is at risk?
The financial impact of attacks on credit unions varies based on the size of the credit union. According to a 2021 Black Kite report, annual financial losses totaled $190,000 for small credit unions and more than $1.3 million for larger credit unions. It’s important to remember that this is an estimation of a single attack. The true cost can come from taking those numbers and multiplying it to the more than 4,500 credit unions across the U.S.
Looking beyond direct dollar amounts are the millions of dollars at risk due to the loss of sensitive customer data as we saw in the Connex, West Virginia, and Trellance data breaches. In the West Virginia attack, hackers made away with customer’s credit/debit card information, contact information and ATM pin numbers.
Why hire WarCollar?
Experience: We have offered offensive and defensive cybersecurity and intelligence analysis solutions since 2015. Our team of experts works with you to solve the toughest challenges in the ever-evolving digital landscape.
Penetration Testing: We use real-world tactics, techniques, and procedures to create cyber-attack simulation to test the effectiveness of your IT security defenses, policies, and staff.
Risk Assessment: We provide comprehensive assessments that identify vulnerabilities, evaluate potential threats, and measure their impact on your business. Our process delivers clear insights into your security posture and actionable recommendations to reduce exposure and strengthen resilience.
Compromise Assessment: Our skilled team provides high-level investigations using advanced tools to identify ongoing or past attacker activity in addition to identifying existing weaknesses in controls and practices. Our assessment will help reduce the security risk of attackers stealing financial assets, customer data or intellectual property.
