Banks hide hacks from their customers
In Mexico there is no law that requires institutions to detail customers when their information was compromised, says expert
The majority of financial institutions in Mexico hide cyber attacks from users that might compromise their personal information, according to a report by the Organization of American States (OAS).
According to the State of Cybersecurity in the Mexican Financial System report, only four out of every 10 banks and financial institutions have a plan to inform their clients when their personal information was compromised by a digital security incident.
Likewise, more than half of the financial institutions do not report the attacks before a judicial authority.
Mario Di Costanzo, financial analyst and head of the National Commission for the Protection and Defense of Financial Services Users, told El Sol de México that banking in Mexico is not required to report hacks to its customers.
The only information obligation that the financial system has before a cyber attack, he said, is to report the facts to the National Banking and Securities Commission (CNBV) and the Bank of Mexico.
“This seems absurd, because there is nothing to protect or require users to be informed. There is no law that obliges them, in this part the clients are left very unprotected, it is a hollow to the law that translates in check out the user, “he said.
According to the specialist, the reason why banks hide information from cyber attacks that have compromised their data has to do with a reputation issue.
“No bank is going to accept that it has been violated, because that affects their image and they could risk losing customers,” he said.
According to the OAS report, in 2018 all financial institutions in the country were victims of cyber attacks. Even one in five institutions suffered an attempt to hack or cyber attack every day of last year.
According to the document, the most common digital security event is malware, as 56 percent of financial institutions in the country recorded an event of this malicious code.
This attack was followed by phishing, an attack aimed at accessing the entity’s systems, and which was recorded by 47 percent of the total banking institutions in Mexico.
The OAS report highlights that the main motivation of cybercriminals to attack a financial institution is the economic one, 74 percent of malicious campaigns against the banking system have this end, followed by political issues, hacktivism, reputational damage and Information theft.
Adalberto Palma, president of the CNBV, said the regulator is clear about the importance of security and prevention to preserve the stability of the financial system.
The president of the Association of Banks of Mexico, Luis Niño de Rivera, stressed that the banking system understands that the challenge is to prevent both institutions and clients from such crimes.
“The attacks are of a different nature and do not impact everyone, if we spend it communicating cyber attacks of things that do not affect the client, but only have to do with internal things would be unhelpful,” he said.