ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
Home Compliance and Risk

Executive Privacy Breaches: Serious Risks for Banks

February 4, 2021
Reading Time: 4 mins read
Executive Privacy Breaches: Serious Risks for Banks

By Rich Matta

A bank’s brand is built on reputation and trust. In the interest of protecting these priceless assets, most banks are continuously upgrading and hardening virtually every aspect of their information security defenses.

Awash in layers of systems, policies, training sessions, audits and every other security solution imaginable, banks sometimes overlook one of the most basic yet menacing threats lurking right under their noses: the online personal information of their executive team. Increasingly, protecting the bank and its customers necessarily includes guarding the privacy of the bank’s executives, whose personal information is highly exposed online.

It’s no secret that executives are the most common and valuable targets for cyberattacks because they have the highest public profile, the most authority and the broadest access to sensitive information within the bank. Attackers exploit personal information to phish, dupe or impersonate bank executives online or sometimes even to locate them in the physical world.

Criminals do not need to bother scouring the depths of the dark web to dig up this personal information—it’s sitting right on the clear web for all to see. There are well over 100 large people-search sites and data brokers in the U.S. whose entire business model depends on gathering personal information from public records, plastering this information online and selling it for a quick buck or a few monetized ad impressions. With a simple Google search of a person’s name, plus their city of residence or the word “address,” one can easily locate home addresses, email addresses, phone numbers, streets where people grew up, high school mascots, mothers’ maiden names, children’s and relatives’ names, and more.

Online vulnerabilities in the wake of the pandemic

As you probably know, the problem is only growing. According to the Modern Bank Heists 3.0 report, cyber attacks targeting banks have increased 238 percent in recent months. Unfortunately, the generic phishing emails you can easily spot in your spam folder are not the most dangerous problem. The biggest threat comes from highly personalized and believable executive spear-phishing schemes that can fool even the most cautious individual.

A common example of this type of attack is a “fake flight” confirmation email that uses the actual details of an executive’s upcoming trip to trick the target into opening a malicious attachment or link. According to a 2019 FBI Internet Crime Report, business email compromises and social engineering attacks like this cost enterprises $1.7 billion in 2019.

Attacks like these are much more likely to succeed if someone gains access to an executive’s personal details. A common attack might start with finding an executive’s personal email address on a people-search site, phishing their password with a targeted email to their personal inbox and then attempting to use this stolen password to gain access to bank systems.

If you are uncertain how this works, take a look at how hackers spear-phished John Podesta, chairman of Hillary Clinton’s 2016 presidential campaign, by targeting his personal Gmail account and then re-using the stolen password to access his entire history of email conversations with other senior officials and politicians. Around the same time, Vice President Mike Pence experienced this same kind of attack on his personal email account.

For a typical executive, privacy services tend to find and remove between 300 and 1,000 instances of personal information across more than 100 people-search and data-broker sites, helping to make covered executives much harder targets. Removing personal information is also important because it helps secure the physical safety of the executive and his or her family, making it much harder for bad actors to target them in person.

An investment too costly to ignore

The rapid rise in state-sponsored cyber attacks is just one reason why investing sufficient time and resources into executives’ privacy is a cost-effective risk-management strategy. In fact, a recent warning from a collection of U.S. government agencies found that a North Korean group stole tens of millions of dollars in 2020 alone in the wake of the COVID-19 pandemic. Though state-sponsored attacks may only account for an estimated 10 percent of cyber attacks, they can be especially difficult and costly for banks to stop.

A 2019 report from Accenture and the Ponemon Institute points out that the cost to address and contain cyber attacks is greater for financial services firms than for companies in any other industry, and the containment costs are only continuing to rise. Additionally, the report found that investments in security intelligence and threat-sharing technologies have an estimated annual return on investment of 22.5 percent.

Smaller banks, which often have fewer resources to defend against sophisticated cyberattacks, are even easier to infiltrate. Earlier this year, the Federal Reserve Bank of New York warned that a cyberattack on a subset of small or midsized banks could have a domino effect on larger banks.

Proactive steps banks can take

One of the best defensive actions is to scrub the internet of the personally identifiable information that cyber criminals can use to mount such attacks. Here are three ways to do so:

1. Google your executives regularly. Find out what the attackers will learn when they search. What information, from addresses and charity causes to other interests, can criminals use to dupe others?

2. Have your executives opt out of people-search sites. This can be an arduous and confusing process, but it’s an important one to take. Data is the most valuable stock that is being traded online every second.

3. Have your executives (and their families) lock down their social media privacy settings. This can help reduce the digital breadcrumbs that attackers use to sniff out the most personal details.

Some people assume that without a long-awaited federal data privacy law, true privacy protection is impossible. This may be true in an academic sense, but it’s simply not true in practice. By protecting your executives and helping them control their own personal data, you can significantly reduce the risk of criminals finding a way into your bank’s systems—a move that will preserve invaluable customer trust and goodwill in the long run.

Rich Matta is a data privacy advocate and chief executive officer of ReputationDefender, a global digital privacy and online reputation management firm.

Tags: CybersecurityOnline reputation managementPhishingSocial engineeringSocial media
ShareTweetPin

Related Posts

ABA, BPI support proposed process to create drone no-fly zones

ABA, BPI support proposed process to create drone no-fly zones

Cybersecurity
July 7, 2026

In a joint letter to the FAA, ABA and BPI said that unauthorized unmanned aircraft activity near financial institution sites can create “obvious and legitimate risk” to physical security as well as cybersecurity, as the technology can be...

How to Talk About Your Bank’s Fintech Collaborations

The trust dividend

Technology
July 7, 2026

How regulatory and consumer expectations are shifting how partner banks compete for fintech deposits.

FCC grants ABA-requested extension of ‘revoke all’ rule’s effective date

ABA joins with consumer rights group to protect fraud alerts

Compliance and Risk
July 1, 2026

ABA joined with the National Consumer Law Center and ACA International in proposing to the FCC a rewrite of the “revoke all” rule. The rule is set to take effect on January 31, 2027, but the FCC is...

A close call with fraud

ABA Fraudcast: Defending customers from wire fraud

Compliance and Risk
July 1, 2026

'It's asking questions like: Have you been coached? Is someone telling you to do this? Is this going into an account that you opened or authorized to be opened?'

Republican lawmakers urge Trump officials to preserve CDFI Fund

House committee advances ABA-backed bills on fair credit liability, check fraud

Compliance and Risk
June 30, 2026

The House Financial Services Committee advanced legislation that would align Fair Credit Reporting Act liability with other financial consumer protection laws, reform the Securities and Exchange Commission and give banks more time to verify suspicious checks. The three...

FinCEN issues alert on oil smuggling schemes along southwest border

FinCEN issues alert on fuel smuggling schemes linked to Mexican cartels

Compliance and Risk
June 30, 2026

FinCEN issued a supplemental alert for financial institutions on suspicious activity connected to Cartel de Jalisco Nueva Generacion and other Mexico-based transnational criminal organizations smuggling fuel from the U.S. into Mexico in schemes involving Mexican tax evasion known...

NEWSBYTES

CFPB releases its Fall 2025 Unified Agenda of Regulatory and Deregulatory Actions

July 7, 2026

ABA, BPI support proposed process to create drone no-fly zones

July 7, 2026

International trade deficit increased by $23 billion in May

July 7, 2026

SPONSORED CONTENT

Why Your Systems Keep Slowing Down — and What to Do About It

Examiners Are Now Looking at Your Non-Core Systems

June 11, 2026
Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

June 1, 2026
A Modern Blueprint for Serving High-Net-Worth Families

A Modern Blueprint for Serving High-Net-Worth Families

May 28, 2026
Why Your Systems Keep Slowing Down — and What to Do About It

AI Is in Your Bank. Is Your Cloud Contract Governing It?

May 20, 2026

PODCASTS

Podcast: Financing America’s independence

June 29, 2026

Podcast: Talent and innovation in community banking

June 18, 2026

Podcast: Understanding bank regulators’ guidance on illegal immigration

June 11, 2026

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2026 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2026 American Bankers Association. All rights reserved.