Safeguarding the Financial Services Industry Against Top Cybersecurity Threats in 2025 by Endurance Advisory and Summit Financial Group

The financial services industry—encompassing banks, credit unions, investment firms, insurance providers, and fintech companies—continues to face growing cyber risks in 2025. According to IBM’s Cost of a Data Breach Report, the financial services industry experienced thousands of breaches globally, with an average cost of $4.88 million per incident—significantly higher than the global average. These threats are intensified by the proliferation of digital banking and digital assets, which expand attack surfaces and introduce novel vulnerabilities. Endurance Advisory Consultants and Summit Financial Group have partnered to offer joint assessments, expert advisory, troubleshooting, and customized insurance solutions, helping institutions build a unified approach to cybersecurity.

Top Cybersecurity Threats in the Financial Services Industry

Ransomware Attacks

Ransomware incidents in finance surged by 126% in Q1 2025. While attacks remain prevalent, total ransom payments decreased by 35% year-over-year to approximately $813 million in 2024, with only about 28% of victims paying ransoms. Robust backups and cloud-based redundancy have reduced vulnerability, while AI-enhanced endpoint protection and automated incident response tools enable early detection and isolation, mitigating impacts.

Phishing and Social Engineering

Verizon’s 2025 Data Breach Investigations Report indicates that phishing contributes to 14% of breaches, amplified by AI-generated deepfakes targeting digital banking users. Advanced mitigation strategies, including multi-factor authentication (MFA) to block credential theft, AI-based email filters for detecting anomalies, and behavioral analytics-augmented user training, are reducing the effectiveness of these attacks. Zero-trust architectures and AI threat detection verify identities and flag suspicious behavior in real time. However, attackers are shifting to targeted social engineering or adversary-in-the-middle (AiTM) tactics that bypass MFA, posing ongoing challenges.

Insider Threats

Intentional or accidental insider actions contribute to around 60% of breaches, often exploiting access to digital assets or internal systems. To counter these, firms are enhancing training, updating cybersecurity policies on data access and acceptable use, and establishing clear consequences for violations. User access controls, activity monitoring, AI behavioral analytics, and data loss prevention tools are increasingly effective in addressing these risks.

Third-Party and Supply Chain Risks

Vulnerabilities in vendors caused approximately 35.5% of incidents in 2024, including API exploits in embedded financial services, with risks extending to fourth parties in 4.5% of breaches. Financial institutions are increasingly using System and Organization Controls (SOC) reports and tools like SecurityScorecard to gain visibility into third- and fourth-party ecosystems. These tools assess vendor security postures and identify vulnerabilities, such as unpatched systems or weak MFA.

Heightened Risks from Digital Banking and Digital Assets

Digital banking has expanded the attack surface, making institutions vulnerable to malware, unauthorized access, and data exfiltration. For instance, fake banking apps distributed via Telegram targeted Android users in March 2025, leading to millions in fraudulent transactions across banks and fintech firms. Similarly, digital assets like cryptocurrencies introduce unique threats, such as wallet hacks, smart contract vulnerabilities, and DeFi exploits. Cybercriminals stole over $2.47 billion in crypto assets in the first half of 2025, with exchange breaches highlighting risks from regulatory uncertainty and financial volatility. These elements not only amplify financial losses but also erode trust in decentralized finance systems.

Key Trends and Consequences

Ransomware has dominated cyber events in recent years, though payments are declining amid better defenses. Vendor risk has amplified the impact of incidents across firms of all sizes, with global entities like Prudential, regional banks like Truist, fintech specialists such as Evolve, and credit unions including Patelco and Lafayette facing severe threats. Insider and espionage incidents, as seen at the CFPB and OCC, are likely to drive stricter regulations, urging enhanced vendor audits and response plans.

Evolving Regulatory Guidelines & Retirement of the FFIEC CAT

For years, the FFIEC Cybersecurity Assessment Tool (CAT) has served as the go-to checklist for banks and credit unions to demonstrate they are managing cybersecurity risks. With the CAT set to retire on August 31, 2025, regulators are signaling a critical shift: move beyond static assessments to proactive strategies that anticipate emerging risks. Institutions are encouraged to transition to flexible frameworks like NIST CSF 2.0 for ongoing maturity evaluations.

This regulatory evolution opens the door to more meaningful conversations around risk. It’s no longer just about passing an exam; it’s about safeguarding customers, reputation, and business continuity when—not if—a cyber event strikes. That’s where ongoing risk assessments, managed services, and cyber insurance become indispensable, ensuring alignment with these proactive standards.

Endpoint Protection and Active Monitoring

In today’s mobile and hybrid work environments, devices are often the first target of an attack. A critical aspect of cyber defense is managing endpoint protection and continuous monitoring. Financial institutions need more than antivirus—they require visibility into every device around the clock. Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR) services provide proactive monitoring, automated response, and expert threat hunting to prevent breaches before they escalate. By leveraging a 24/7 Security Operations Center (SOC), institutions can dramatically reduce response times and ensure protection even when internal teams are offline.

Adding this layer of defense helps banks, credit unions, and fintechs detect ransomware, insider threats, and data exfiltration early, minimizing financial and reputational risk. Institutions of all sizes should prioritize EDR/MDR as part of their cybersecurity strategy, whether through internal teams or third-party partners.

The Role of Commercial Cyber Insurance

Breaches are inevitable; Summit Financial Group’s insurance provides a safeguard, covering ransom, legal fees, business interruption, and fines. For a $5 billion asset manager, a tailored $25 million policy can reduce exposure by 80%, with joint assessments lowering premiums by 20% through proven controls.

Partnering for Resilience - Joint Assessments by Endurance and Summit

Endurance Advisory Consultants excel in IT advisory and troubleshooting, extending expertise to broader financial services with end-to-end solutions. Summit Financial Group delivers top-tier cyber insurance for digital risks. Our joint efforts empower institutions to thrive securely. Working with partners like Endurance and Summit helps you not just check the box but build real confidence in your digital defenses and ensure a unified approach to cybersecurity. Our assessments evaluate governance, strategy, risk mitigation, business continuity and disaster recovery, technical and operational controls, as well as vendor diligence.

Contact Endurance for an assessment today.

Top Cybersecurity Events in the US Financial Services Industry (2024–2025)

The following list details major cybersecurity incidents in the US financial services industry from 2024 to mid-2025, covering global banks, regional banks, community banks/credit unions, and major vendors. Each entry includes breach specifics, impact, and consequences, verified for accuracy and presented for clarity.

1. LoanDepot Ransomware Breach (January 2024)

The Alphv (BlackCat) ransomware group targeted LoanDepot, a national mortgage lender, from January 3–5, 2024, compromising names, addresses, financial account numbers, phone numbers, dates of birth, and Social Security numbers. The attack disrupted operations for nearly two weeks, affecting 16.9 million individuals. Consequences included significant financial losses, reputational damage, and heightened awareness of ransomware vulnerabilities in lending services.

2. Prudential Financial Ransomware Breach (February 2024)

Alphv (BlackCat) breached Prudential Financial, a global insurance giant, on February 5, 2024, exposing names, addresses, driver’s license numbers, and other IDs. Initially reported to affect 36,000 individuals, the breach impacted 2.56 million people, triggering regulatory scrutiny. Potential fines and increased focus on securing sensitive financial data in insurance were key consequences.

3. FBCS (Financial Business and Consumer Solutions) Data Breach (February 2024)

A ransomware attack on FBCS, a debt collection vendor supporting regional banks like Truist, occurred between February 14 and 26, 2024, exposing names, addresses, dates of birth, SSNs, and account numbers. Affecting 4.2 million people, it caused ripple effects on partner banks, with delayed notifications leading to reputational harm and renewed emphasis on third-party vendor risks.

4. Santander Bank Data Breach via Snowflake (May 2024)

Santander Bank, with global and regional US operations, suffered a breach due to compromised credentials and lack of MFA at cloud vendor Snowflake, exposing account numbers, credit card information, and employee details. The attack impacted 30 million customers, with stolen data sold on Dark Web forums, prompting investigations, ransom demands, and calls for MFA enforcement.

5. Evolve Bank & Trust Ransomware Breach (May 2024, disclosed June 2024)

LockBit ransomware group breached Evolve Bank & Trust, a Memphis-based regional bank, via a vendor, exposing names, SSNs, account numbers, dates of birth, and contact info. Affecting 7.6 million people, it disrupted fintech services like Affirm and Wise; major consequences included false claims of Federal Reserve involvement and the exposure of supply chain vulnerabilities.

6. Patelco Credit Union Ransomware Attack (June 2024)

Ransomware struck Patelco Credit Union, a Dublin, CA-based community credit union, prompting a digital banking shutdown and exposing names, SSNs, driver’s licenses, dates of birth, and emails. Initially reported to affect 500,000 members, it impacted 1 million, leading to member lawsuits and highlighting ransomware’s severe impact on smaller institutions.

7. Lafayette Federal Credit Union Unauthorized Access (September 2024)

Unauthorized access targeted Lafayette Federal Credit Union, a Rockville, MD-based community/regional credit union, compromising sensitive member data. The number affected was not disclosed, but it posed identity theft risks. The primary consequences were regulatory reporting and renewed attention to access control weaknesses in smaller institutions.

8. Cross Valley Federal Credit Union Unauthorized Access (December 2024)

Cross Valley Federal Credit Union, a Wilkes-Barre, PA-based community credit union, experienced unauthorized system access, potentially exposing member PII. The number affected was not specified, raising data security concerns. Regulatory notifications followed, and the incident highlighted persistent access-based threats to community credit unions.

9. Randolph-Brooks Federal Credit Union (RBFCU) Data Breach (December 2024)

A data breach at Randolph-Brooks Federal Credit Union, a San Antonio-based regional/community credit union, exposed personal and banking information of over 4,600 customers, increasing risks of identity theft and fraud. Member notifications and emphasis on risks in regional credit unions with large member bases were key outcomes.

10. NationsBenefits Holdings Data Theft (April 2025)

Clop ransomware group exploited Fortra GoAnywhere MFT vulnerabilities at NationsBenefits Holdings, a major vendor for health/financial benefits, stealing PHI and financial data. Impacting over 3 million individuals, it led to extortion attempts and stressed the critical need to address vendor software vulnerabilities in financial ecosystems.

11. Via Credit Union Unauthorized Access (January 2025)

Unauthorized access breached Via Credit Union, a Marion, IN-based community credit union, compromising sensitive financial data. The number affected was not disclosed, but it threatened member security, resulting in regulatory reporting, potential remediation costs, and erosion of trust in small community institutions.

12. SogoTrade Data Breach (May 2025)

A breach at SogoTrade, a Chesterfield, MO-based online brokerage, due to compromised credentials from May 2024 (disclosed 2025), exposed names, financial account numbers, SSNs, and tax IDs. An unspecified number of clients faced identity theft risks, with fraud alerts and ongoing threats to investment platforms as key consequences.

13. Consumer Financial Protection Bureau (CFPB) Data Breach (Disclosed April 2025)

A former CFPB employee transferred confidential data on 256,000 consumers and 45 institutions to a personal email, exposing PII. This insider threat incident prompted potential regulatory fallout for supervised banks and increased scrutiny on internal data handling practices.

14. Office of the Comptroller of the Currency (OCC) Email Espionage (April 2025)

Hackers compromised an OCC admin account, spying on 150,000 sensitive financial institution emails for over a year, affecting 103 US bank regulators. This undermined trust in regulatory oversight and highlighted state-sponsored risks to financial stability.

15. Chinese Cyber Espionage Surge Targeting Financial Sectors (February 2025)

A 150% surge in Chinese cyber operations (300% in finance) targeted US banks and vendors using backdoors and cloud services, causing widespread data theft. Exact records affected are unknown, but it spurred calls for enhanced international cooperation and raised concerns about potential sabotage.

16. Coinbase Insider Threat Incident (began December 2024)

Cybercriminals bribed and recruited a group of rogue overseas customer support agents to access internal systems and steal data for 69,461 individuals. The breach began as early as December 2024. The stolen data was used to facilitate social engineering attacks, where attackers posed as Coinbase representatives to trick customers into handing over crypto assets. Coinbase estimates a financial hit of $180 million to $400 million, primarily from reimbursements and related costs.

This presentation is being furnished on a confidential basis to provide preliminary summary information. The information, tools and material (collectively, information) contained herein is not directed to or intended for distribution or use by any person or entity who is a citizen or resident of or located in any jurisdiction where such distribution, publication, availability or use would be contrary to law or regulation or which would subject Endurance Advisory Partners, LLC, to any registration or licensing requirement within such jurisdiction.

The information presented herein is provided for informational purposes only and is not to be used or considered as an offer to sell, or buy securities or other financial instruments, or any advice or recommendation with respect to such securities or other financial instruments. The information may not be reproduced in whole or in part or otherwise made available without the prior written consent of Endurance Advisory Partners, LLC. Information and opinions presented have been obtained or derived from sources believed to be reliable, but Endurance Advisory Partners, LLC makes no representation as to their accuracy or completeness. Endurance Advisory Partners, LLC, accepts no liability for any loss arising from the use of the information contained herein.

This information is subject to periodic update and revision. Materials should only be considered current as of the date of the initial publication, without regard to the date on which you may access the information. Endurance Advisory Partners, LLC, maintains the right to delete or modify the information without prior notice.

Under no circumstances and under no theory of law, tort, contract, strict liability or otherwise, shall Endurance Advisory Partners, LLC be liable to anyone for any damages resulting from access or use of, or inability to access or use, this information regardless of whether they are direct, indirect, special, incidental, or consequential damages of any character, including damages for trading losses or lost profits, or for any claim or demand by any third party, even if Endurance Advisory Partners, LLC knew or had reason to know of the possibility of such damages, claim or demand.