When a Breach is a 'Good Thing'
Weighing the benefits of certain data breaches.

In April, Waters is planning a comprehensive issue about cybersecurity and the technology, processes, and talent required to guard against what many CTOs now believe is their top operational risk.
The list of firms that have been hacked—either externally or internally—in the last year is lengthy, featuring some of the largest corporations in the world and at least a couple of mainstay investment banks as well.
Of course, when the topic is raised, many minds (including my own) visualize a malicious 'blackhat' actor holed up in a dark room somewhere halfway around the world, toying with systems and stealing information either for the fun of it, or because a state or quasi-state entity is paying them to do so behind some kind of ideological justification.
But particularly in finance, the job is often far more simple, and the reasons are sometimes much more benign.
For example, the theft of client data from Morgan Stanley's wealth management unit in December 2014 by a recently-promoted adviser at the firm had many hallmarks of a contemporary cyber event: a shadowy data-download service, even a request for payment in cryptocurrency. But as of yet, none of the typical reasoning.
Internal Leaks
Things can be simpler still, as this week's revelation of HSBC's Geneva office engaging in all sorts of lurid and tax-evading conduct surely suggests.
In this case, as The Guardian has reported, it was physically a matter of a systems engineer, Herve Falciani, prepping tens of thousands of client accounts right at his desk, fleeing to France (from where he, as a French citizen, can't be extradited) and downloading them to five hard disks. What's now being called the biggest bank leak in history was just that easy, and the standard maelstrom of condemnation and calls for investigation has followed.
To some extent, I suspect this style of threat—and not foreign hackers spoofing their location and IP eight times over—could become the norm for financial services. Indeed most technologists we speak to, particularly on the buy side, continue to argue that their greatest worry in terms of data security is their own staff either opening malware in an email without knowing it, or walking off with information they shouldn't be permissioned to because of a change of heart about the business they're in.
Fogginess
This danger, like the HSBC files, raises some interesting practical and even ethical questions—far more so than the Target or Sony hacks that have a clear antagonist, and were clearly avoidable.
To the former issue, locking down every last piece of data would make life for a typical investment management firm operationally difficult, if not impossible. All the more so if you're personnel-constrained or have aspirations to provide serious mobile functionality, as many do. It's a matter of expectations creep and technical lag.
While I'm not exactly as strong as Glenn Greenwald on the latter issue, far from it, from an ethical standpoint there might well be legitimate reasons, in very specific instances, to heist information from one's own firm and hand that data to governmental authorities or the press, as well. I doubt any CTO would admit to that priority being on his or her mind, quite the opposite actually, though deep down we can all imagine such circumstances.
Whether Mr. Falciani—who, like Edward Snowden, is a colorful character—had reasons rising to that level of compulsion is debatable. But the HSBC breach certainly adds a new twist to a topic that was already front-of-mind in 2015.
In any case, we look forward to examining this area, both with technical nuance and from a business standpoint, in April. Any firms looking to contribute their outlook should certainly give a shout, at timothy.murray@incisivemedia.com or on 646 490 3968.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: https://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
Waters Wavelength Ep. 324: A philosophical conversation about AI
This week, Reb and Nyela discuss BNY’s digital workers, and what the use of AI in society signals for the future.
Cloud Wars: Are EU and APAC firms really pining for homegrown options?
Waters Wrap: In the wake of tariffs and regional instability, there’s chatter about non-US firms lessening their dependency on the major hyperscalers. Anthony is not buying it.
Google gifts Linux, capital raised for Canton, one less CTP bid, and more
The Waters Cooler: Banks team up for open-source AI controls, S&P injects GenAI into Capital IQ, and Goldman Sachs employees get their own AI assistant in this week’s news roundup.
Numerix strikes Hundsun deal as China pushes domestic tech
The homegrown tech initiative—‘Xinchuang’—is a new challenge for foreign vendors.
RBC’s partnership with GenAI vendor Cohere begins to bear fruit
The platform aims to help the Canadian bank achieve its lofty AI goals.
Deutsche Bank casts a cautious eye towards agentic AI
“An AI worker is something that is really buildable,” says innovation and AI head
TMX buys ETF biz, Iress reinvests in trading tools, UBS data exposed, and more
The Waters Cooler: Euroclear’s next-gen service, MarketAxess launches e-trading for IGBs, and new FX services are in this week’s news round-up.
SEC pulls rulemaking proposals in bid for course correction
The regulator withdrew 14 Gensler-era proposals, including the controversial predictive data analytics proposal.