Who isn't worried about the current crisis that's affecting practically every financial institution around the world? Just as we as individuals should be concerned about how this whole debacle is going to affect these institutions and our economy in the long run, we should also be concerned about the security of our personal data.
Let's think about this for a moment: you have some of the largest financial companies in the world either in bankruptcy, being sold, or slashing jobs. All that data has to end up some place. Having worked for some large financial and insurance firms, my experience tells me that there are probably petabytes of data at risk right now.
My chief concerns are based on the following experiences and observations:
Obviously, staff will be cut to gain efficiencies. Will the right staff be cut? Will they cut the right number of staff and still be able to support the environment?
When companies merge, there are times when a company could be vulnerable to an attack. This occurs mostly when merging infrastructures.
People are prone to more social engineering attacks during a merger. If I were a hacker (I am not), I could easily use this time to social-engineer customers by explaining that I am from the "new" company and I need to verify personal information. As companies merge and people leave, it is also an opportune time for those employees or contractors to take information with them, such as a client list or other client personal information. And the chances of getting caught are lower when the entire company is in turmoil.
In general, companies do a mediocre job of protecting customer and client data. Look at TJ Maxx, The Veterans Administration, The Texas Lottery Commission, and Countrywide Financial, just to name a few that have had major, publicized data breaches. If you have the stomach for it, see more at Privacy Rights Clearinghouse.
The IT executives of these large financial institutions are no doubt consumed with a long list of other tasks and worries, but they need to exercise caution and make sure that what needs to be in place in terms of people, processes, policies and technology is in fact in place. Being acquainted with quite a few auditors who work in IT and financial areas, I know they are chomping at the bit right now.