Why Banks Are Already Losing the Quantum Race

The financial sector has always lived under siege—fraud, cybercrime, insider threats. But a quieter, more patient danger is unfolding: the “harvest now, decrypt later” strategy. Attackers are already collecting encrypted financial data today, confident that advances in quantum computing will eventually render today’s cryptography obsolete.

The Quantum Finance Security Series. This three-part series explores how quantum computing will reshape cybersecurity in the financial sector. Part 1 examines the immediate threat of “harvest now, decrypt later” attacks. Part 2 outlines practical steps financial institutions can take to prepare for post-quantum cryptography. Part 3 looks beyond algorithms to the broader challenge of building quantum-resilient finance.

Unlike many cybersecurity risks, this one doesn’t depend on a breakthrough tomorrow. The theft is happening now, with exfiltrated datasets stored away like assets in a portfolio—waiting for the day they can be unlocked. For banks, insurers, and fintech providers who handle data with lifespans measured in decades, that creates an urgent dilemma. What’s stolen today could be exposed tomorrow, long after the breach is forgotten.

Breaches That Feed the Future

Recent incidents underline just how much financial data is already slipping into circulation:

• Connex Credit Union (USA, June 2025) — Around 172,000 customers had account numbers, debit card details, Social Security numbers, and government IDs compromised. The breach was detected on 3 June but only disclosed in August, raising concerns about delayed notification.¹
• Allianz Life (USA, July 2025) — A breach via a third-party cloud CRM system affected a majority of its 1.4 million customers, along with financial professionals and employees. While Allianz’s internal systems were untouched, the exposed data included personal and financial records.²
• Wealthsimple (Canada, September 2025) — A software supply-chain compromise may have exposed government IDs, SINs, and financial details of up to 30,000 users. Though only 1% of its client base, the incident shows how even partial breaches can create lasting risk when sensitive identifiers are involved.³

And these are only the public disclosures. Supply-chain compromises at UBS (via Chain IQ),⁴ Santander, and DBS Bank⁵ in recent months demonstrate how attackers often target service providers to gain indirect access to financial data.

Why Finance Is Uniquely at Risk

Financial data has a long shelf life. Transaction histories, client records, contracts, and compliance archives may need to remain secure for decades. That’s precisely the timeframe in which quantum computing threatens today’s cryptographic foundations.

Unlike credit card numbers, which can be changed, or passwords, which can be reset, much of the data in financial systems cannot simply be replaced once it is compromised. A harvested trove of account histories, identity documents, and transaction metadata will retain its value well into the quantum era.

The Cost of Waiting

The numbers are already stark. IBM’s 2025 Data Breach Report puts the global average cost of a breach at US $4.88 million.⁶ For the financial sector, which consistently ranks above average in breach costs, the stakes are even higher. Cybercrime overall is projected to impose US $10.5 trillion in annual impact by the end of this year.⁷

But those figures only reflect today’s realities. They do not capture the compounding risk of adversaries who are willing to wait. The value of encrypted financial data doesn’t decline with age—it matures, like an asset that has yet to reach its peak market price.

Conclusion

The lesson is uncomfortably clear: data stolen in 2025 may not be safe in 2030—or even sooner. Every breach today feeds the pipeline of information that adversaries can unlock once quantum decryption becomes practical. For financial institutions, the question is no longer if their encrypted archives are being harvested, but how much of it is already sitting in an attacker’s vault.

The quantum clock is ticking, and while the industry debates timelines, hackers aren’t waiting. They’re building tomorrow’s treasure troves today.

In Part 2, we’ll explore what financial organisations can do now—before the locks on their digital vaults stop working.

Sources

1. TechRadar — Major data breach at US credit union sees 172,000 customers at risk (Aug 2025).
2. AP News — Allianz Life reports customer data breach via third-party system (July 2025); ITPro — Everything we know about the Allianz Life data breach so far (July 2025).
3. TechRadar — Wealthsimple reveals data breach; users warned to be on alert (Sept 2025).
4. Financial News London — UBS hit by cyber attack on external supplier with data stolen (July 2025).
5. DeepStrike — Data breach at financial institutions: Santander, DBS and supply-chain risk (2025).
6. IBM Security — Cost of a Data Breach Report 2025.
7. Cybersecurity Ventures — Official Cybercrime Report 2025.