Financial Services in the Crosshairs: Assessing Risk After MOVEit and T-Mobile Exposures

Financial services companies have responsibility for some of your most sensitive data when you do business with them. If this data was stolen as part of a breach, the experienced national data breach attorneys at Federman & Sherwood can take legal action on your behalf.

Your information can be at risk when you do business with a financial services company, both when your data is housed on their own servers and when they use a third party. Either way, the financial services business is a proper defendant in a class action lawsuit when they have failed to take the necessary steps to protect your confidential information.

Data breach victims can get immediate legal help when they reach out to an aggressive lawyer at Federman & Sherwood by calling us at (800) 237-1277. We help victims like you get a measure of justice through financial compensation from a responsible party.

Financial Services Companies Are Increasingly the Targets of Network Intrusions

There have been very few entities that have been free from risks of data breaches by hackers and malign actors. These attacks are increasingly targeting either financial services companies directly, or service providers upon which they rely. Hackers recently exploited a data vulnerability to target multiple financial services companies. In addition, they also managed to successfully penetrate a T-Mobile network that financial services companies used for communications and IT services.

The MOVEit vulnerability refers to an SQL injection flaw that cyberattackers took advantage of to gain access to systems used by financial services companies. The attackers were able to use an SQL injection to penetrate servers. Over 2,700 organizations were affected by this data breach, and the personal information of over 90 million people was compromised.

The T-Mobile data breach was equally as grave. T-Mobile has been targeted by hackers numerous times over the years. They have managed to gain sensitive information when they were able to penetrate the network. Any company that has relied upon T-Mobile for things like communications and authentication was at risk of being affected. In addition to serious past cyber incidents, hackers attempted to penetrate the T-Mobile network again in 2024, this time without as much success.

You Can Sue a Financial Services Company Even if it Was Not Their Network Breached

The main takeaway for companies is that they can still face legal risk when they are using a third-party server to either house sensitive information or to conduct their own business. A company can still be held liable in a data breach lawsuit, even when the intrusion did not occur on their own networks. Companies need to continuously assess the risks that are posed to your sensitive data when they choose to do business with another company. They cannot simply say that the problem occurred elsewhere, and they should face no consequences whatsoever.

The problem is particularly acute for financial services companies. They are prime targets for hackers because they hold so much of your critical personal information. In the wake of these data breaches, financial services companies should take the following steps to assess their risks and prevent network intrusions:

• Monitor the potential risks posed by third-party vendors
• Conduct risk assessments on a regular basis
• Enhance customer authentication controls
• Continuously monitoring for compromised customer credentials that could allow hackers to gain access to a network
• Conduct regular penetration testing and vulnerability scanning

The Gramm Leach Bliley Act, which is a key law that regulates the financial service industry, imposes requirements on these companies. Financial Services businesses must comply with the Safeguards, data privacy and customer notification rules. They can be subject to enforcement actions and customer lawsuits if they have allowed your personal information to be compromised because of failure to follow the rules or their own negligence.

If your information was compromised, you can sue the financial services company in most cases, even if they did not directly house the information themselves. They can be held responsible for the act of a third party whom they selected as a vendor. Of course, you have the ability to sue anyone who played a role in the failure to protect your data. When you hire a national data breach attorney for your case, they will review the circumstances to determine who the proper defendants are in your case. A data breach class action lawsuit could lead to financial compensation for the harm that you have suffered.

Contact a National Data Breach Law Firm

If you have been victimized when you entrusted your sensitive information to a financial services firm, approach a national data breach attorney at Federman & Sherwood to help you take legal action. The first step in the fight is to schedule a free initial consultation with a national data breach lawyer by messaging us online or by calling us today at (800) 237-1277.