Finance

The New Breach Pattern No One Is Talking About: Attacks Targeting Finance-as-a-service Providers

By David Miller 18 Nov, 2025 159
The New Breach Pattern No One Is Talking About: Attacks Targeting Finance-as-a-Service Providers

Cybersecurity professionals have cautioned for years that the next generation of serious data breaches would not occur within the banks themselves but instead occur from ecosystem elements surrounding banks – third-party vendors, processors and type firms that may be used to handle sensitive financial data in the background. That prediction is now coming to fruition, with Consero Global Solutions, LLC recently exposing Social Security numbers, and personal information, being processed on behalf of Propeller Industries, providing one of the clearest examples of this type of attack. 

Though most consumers assume their financial information is exclusively with their bank or lender, financial operations have and continue to develop a deep distribution footprint. Startups, mid-market and even slow-growth companies rely heavily on Finance-as-a-Service (FaaS) providers to address bookkeeping, accounting, reporting, and year-end tax workflows; these firms sit upstream in the financial data supply chain, and cybercriminals have begun to take note.

Why FaaS Providers Are Becoming Popular Targets

FaaS companies are uniquely vulnerable for three reasons: 

1. They possess highly sensitive information—even when consumers are unaware of their existence.Consigned to client data, a provider like Consero manages files containing coworker's financial records, vendors, payroll, taxes, and in some cases, Social Security numbers. A consumer rarely interacts with FaaS companies directly. Breaches in these cases are often the first time a victim learns the name of the firm the consumer has entrusted their safety to.
2. They support dozens—or hundreds—of companies simultaneously. A single breach can yield sensitive data for dozens of organizations at once. This "multi-tenant jackpot" makes FaaS firms attractive to cybercriminals who want the highest return from their efforts.
3. Security maturity varies widely across the industry. Many FaaS companies grew rapidly due to demand for outsourced services in finance, but the security offerings on the business side often lagged behind. In environments with interconnected documents, robust third-party integrations, and flourishing financial systems, each misconfiguration becomes a vulnerability.

The Financial Data Supply Chain Is Growing—and So Are the Risks


Financial workflows in the present day are no longer limited to a single organization. Procurement, payroll, expense processing, reconciliation and forecasting are now fragmented across:

  • outsourced accounting services
  • cloud-based bookkeeping services
  • payroll processing services
  • tax services
  • analytics software
  • workflow automation software

The increase of connections means greater efficiency—and a greater attack surface.

And the Consero Global Solutions, LLC Data Breach is a great example: Data that originally belonged to Propeller Industries was compromised because it flowed through a vendor's environment. This cascading exposure model, whereby connectivity to vendors simultaneously exudes greater risk and becomes harder for the consumer to track, is quickly becoming the norm.

The Next Breach Trend: Attacking the “Middle Layer” of Finance

Cyberattacks on FaaS organizations are not random; they all follow predictable economic logic.

Attackers know:

  • financial documents = identity fraud
  • payroll files = tax fraud
  • accounting logs = invoice fraud
  • stored SSNs = long-term monetization

While credit card numbers can quickly be canceled, tax and payroll information and identity data have longer duration and value, a decade later.

Financial institutions are investing heavily into cyber security. Contrarily, FaaS vendors have widely differing levels of preparedness, creating the next target in the middle layer of the financial ecosystem, not the endpoints.

What Companies Should Anticipate Moving Ahead

Continuing our trend toward a finance-as-a-service (FaaS) model. Each year, additional companies take their back office finance operations and outsource to providers who can offer them new speed, automation, and a lower cost possibility.

But absent the industry raising its security posture, what we may see is:

1. More multi-client breach events

One vendor incident will take impact dozens of financial environments.

2. Litigation and regulatory pressure

As regulatory agencies begin to increasingly look in to third-party risk, FaaS providers may receive the same scrutiny as banks.

3. Disclosure regulations

Vendors may be required to disclose not only breaches occurring but the companies whose data was implicated.

4. Confusion among consumers

Most consumers have little idea who, or how many third-party firms hold their relevant information, complicating efficiency and recovery.


Why is this important Right Now

The Consero incident was not a one-off, it was a warning. As finance operations as a service continue to become outsourced and automated, assailants are shifting their attention to whoever has the largest candle of sensitive data at the end of the day.

And many times today that’s not the bank.

It's the unregulated financial payment processors working behind the scenes of the modern economy.