Checking a bank's recent security history is a prudent step for any consumer. While no financial institution is immune to cyber threats, a pattern of incidents can be a significant factor in your decision-making. You can conduct this research effectively through official regulatory sources, financial news, and the bank's own disclosures.
Primary Source: Official Regulatory Databases
For the most authoritative information, consult databases maintained by government regulators. In the United States, the primary sources are:
- The Office of the Comptroller of the Currency (OCC) Enforcement Actions Database: The OCC regulates national banks and federal savings associations. Its online database lists formal enforcement actions, which can include consent orders related to information security failures.
- The Federal Reserve Enforcement Actions: This resource covers state-chartered banks that are members of the Federal Reserve System and bank holding companies.
- The FDIC Enforcement Decisions & Orders: The Federal Deposit Insurance Corporation insures most banks and can take enforcement actions against institutions for unsafe or unsound practices, including cybersecurity lapses.
- The Consumer Financial Protection Bureau (CFPB) Consumer Complaint Database: While not a list of breaches, you can search for your bank and filter for complaints categorized under "privacy," "data security," or "identity theft." A high volume of such complaints may indicate recurring issues.
Search these sites using the bank's legal name. Regulatory actions are serious but may not capture every single security incident.
Secondary Sources: News and Industry Monitoring
Major data breaches typically receive media coverage. To stay informed:
- Set up Google News alerts for the bank's name combined with terms like "data breach," "cyber incident," or "security lapse."
- Follow reputable cybersecurity news outlets and financial industry publications that report on such events.
- Review the bank's own press release or news section on its website. Publicly traded banks are required to disclose material events, including significant cyber incidents, to the Securities and Exchange Commission (SEC) via 8-K filings, which are public record.
Direct Inquiry and Proactive Measures
You can also contact the bank directly. Ask their customer service if they have a public-facing transparency report or a summary of their cybersecurity posture. While they may not divulge specifics, their willingness to discuss general policies can be informative. Regardless of a bank's history, you should always take proactive steps to secure your own accounts:
- Enable multi-factor authentication (MFA) on all online and mobile banking accounts.
- Monitor account statements and transaction alerts regularly for unauthorized activity.
- Use strong, unique passwords for your banking login.
- Understand the bank's fraud liability policies, which are typically outlined in your account agreement.
Ultimately, checking for security breaches is one part of choosing a financial partner. Also consider the bank's public commitment to security, its adoption of modern authentication technologies, and the clarity of its communication protocols in the event of an incident. A bank that is transparent about its challenges and responsive in resolving them can sometimes be a more reliable steward than one with no public record but poor customer security practices.