The Risks Banks Face When Using Third Parties: The Latest Data Breach
In February 2024, a significant data breach occurred at Financial Business and Consumer Solutions (FBCS), a debt collections agency serving companies, including banks. This breach has had far-reaching consequences, affecting some 4.2 million individuals, including an undisclosed number of Truist Bank's customers.
The FBCS breach exposed sensitive customer information such as full names, Social Security Numbers (SSNs), dates of birth, ID/driver's license details, medical claims/clinical information, and other personal information.
Banks often engage third parties to streamline operations, reduce costs, and enhance customer services. However, these relationships come with significant risks. Third parties may not always adhere to the same stringent security protocols as the banks they serve. This discrepancy can create vulnerabilities that cybercriminals can exploit. Regulators have made clear that banks remain responsible for meeting regulatory requirements whether their activities are performed internally by the banks themselves or externally by their third parties.
🔍 Why is This Important to Banks and their Executive Teams? 🔍
To mitigate the risks associated with third-party relationships, banks must implement comprehensive third-party risk management programs that include appropriate:
- Due Diligence: Conduct thorough background checks and security assessments of potential third parties, including a review of data incident histories.
- Continuous Monitoring: Regularly monitor the third party's security practices and performance to ensure ongoing compliance with the bank's standards.
- Incident Response Plans: Develop and maintain incident response plans that include protocols for addressing third-party data breaches.
- Contractual Safeguards: Include specific security and breach notification requirements in contracts with third parties.
The FBCS data breach serves as another critical lesson for banks. It highlights the importance of selecting reputable third parties and maintaining vigilant oversight and robust risk management practices. By doing so, banks can better protect their customers' sensitive information, meet regulatory requirements, and uphold customer trust.
👉🏻 Need help with your third-party risk management program? Contact our team today!