Banks need to be careful with data. Source: Shutterstock

What can banks learn from the Capital One data breach?

UNLIKE retailers and manufacturers, banks have always had access to plenty of customer data.

As a result of that privileged access, bankers have been cautious about how they use and share data, be it with internal stakeholders or external partners — and they’ve set an example for everyone else.

However, irrespective of how cautious bankers are, their journey to digital has made them vulnerable to data breaches and cyberattacks, putting their reputation as “custodians of sensitive data” at stake.

The most recent data breach at Capital One is a great example of a banking company bleeding customers and market value because it failed to protect its data on the cloud.

The breach affected 100 million individuals in the United States and approximately 6 million in Canada, and allowed the hacker to make away with about 140,000 Social Security numbers and about 80,000 linked bank account numbers of Capital One’s credit card customers.

The incident not only tarnished the reputation of the brand but might also cause the company to face long-term damages in the form of penalties and regulatory action.

“I am deeply sorry for what has happened. I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” Capital One Chairman and CEO Richard Fairbank said in a press statement.

Government bodies such as the UK’s Information Commissioner’s Office (ICO) and the US Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB), through recent announcements, have made it amply clear that they’re keen on compelling companies to go the extra mile when it comes to protecting customer data.

While the incident at Capital One is unfortunate, Capital One is definitely not the last bank that will be hacked or lose customer data.

Can we blame banks for data thefts?

It’s important to talk about data thefts and breaches at banks if they occur — but it’s hard to say whether or not banks should be blamed for them.

True, they have a responsibility to protect data, but as the world of cybersecurity gets more and more complex, fending off hackers gets that much tougher.

Some experts feel that since hackers won’t stop trying to break into banks in cyberspace, banks should invest in cyber-insurance.

Banks have always insured their vaults and assets against theft; data is an asset too, and therefore, banks should invest in appropriate cyber-insurance to protect themselves in the event of a breach.

Unfortunately, unlike insurance of a vault, a data breach affects millions of customers at once and the damages can be significant and long-lasting — which makes it difficult to insure.

So, while we can’t absolve banks from their responsibility to protect customer data, the way to bring some real change would be to either find a way to better protect data, say by using blockchains, or create more intelligent systems that help customers insulate themselves from the impact of a data breach.

In the case of Capital One, investigations are still pending. However, the breach is expected to get banks to really think about data security and the pace of their digital transformation journeys in the grand scheme of things.