I am planning to use Plaid API and have a spring boot backend but given that I will be storing my financial information (such as whatever the Plaid API needs me to store to use their endpoints as well as just the transactions on my credit and chequing account), the security of the data is obviously crucial. and I think my problem is I don't know what I don't know.

I have a basic idea of what kind of things I need to protect against.

1. WIll have to use Spring security (or whatever is best) for thing like protecting against xss and csrf
2. I need to ensure that the PostgreSQL database is encrypted

but beyond that, I don't know much about the nuances of each type of security and customizations I should be on the look-out for. wonder if there's a trustworthy resource for at least detailing for me the kind of security I need to implement on either the Spring or PostgreSQL side of things?

NewsBlur was down yesterday evening due to its Mongo database getting attacked by a hacker and held for ransom. It’s restored from backup, but there are privacy implications for anyone who had sensitive private data there. We will likely find out more after the maintainer recovers from a busy night.

There are no good links for this, but it’s being discussed on Hacker News. Since it’s open source, someone described what’s being kept in that database.

(I use NewsBlur, but I don’t think my RSS reading habits are all that sensitive. Others might be in a different situation, though.)