Millions Of Secret Bank Records Leak Online

Uploaded on 2019-01-29 in FREE TO VIEW, BUSINESS-Services-Financial, NEWS-Cybersecurity News

This is the latest reminder of just how vulnerable Americans' sensitive financial data can be.  A server security lapse at Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas, left the unencrypted information, some 24 million documents, available for anyone who knew where to look. 

Ascension offers financial institutions the service of converting documents into files that can be read by computers, known as OCR.

The server, which was running an Elasticsearch database, contained more than a decade’s worth of data, from loan and mortgage agreements to repayment schedules and other financial and tax documents, which offer an intimate insight into a person's life. The information wasn't protected by a password.

The database was only exposed for two weeks - but that was long enough for independent security researcher Bob Diachenko to find it. If he was able to locate it, who knows how many professional cyber criminals were also able to find it. 

Almost all of the documents pertained to loans and mortgages offered by some of the largest lenders in America dating as far back as 2008 (including some that are now defunct). 

Some of the sensitive information exposed by the unforced error included social security numbers and W-2 forms, which are used by scammers to claim refunds. Citi, one of the lenders identified in the documents, said it has no continuing relationship with the third party responsible for the leak.

ZeroHedge

You Might Also Read:

Australia's Largest Bank Lost The Personal Financial Histories Of 12m Customers:

 

« The Future Of War is Cyber
Connecting African IT & Software Developers With Top Tech Companies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

Masergy Communications

Masergy Communications

Masergy delivers hybrid networking, managed security and cloud communication solutions to enterprises around the globe.

Insta Group

Insta Group

Insta are a trusted cyber security partner for security-critical companies and organizations.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

Novastor

Novastor

NovaStor® is an award-winning, international data backup and recovery software company with solutions supporting physical, virtual and cloud environments.

NewGens

NewGens

NewGens is a solution and service provider to banking institutions in the APAC region. Areas of expertise include cybersecurity, AML, fruad prevention, compliance and risk management.

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

Nettoken

Nettoken

Nettoken is the first identity management platform designed for everyday internet users, to encourage awareness and control of our ever expanding digital footprint and personal cybersecurity.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

Consistec Engineering & Consulting

Consistec Engineering & Consulting

Consistec Engineering & Consulting GmbH is an information technology and services company offering solutions for monitoring the security of IT and OT infrastructure.

FPT Software

FPT Software

As a leading technology service provider, FPT assists customers of all sizes and from any industries in implementing and adapting digital technologies including cybersecurity.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.