Millions Of Secret Bank Records Leak Online

Uploaded on 2019-01-29 in FREE TO VIEW, BUSINESS-Services-Financial, NEWS-Cybersecurity News

This is the latest reminder of just how vulnerable Americans' sensitive financial data can be.  A server security lapse at Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas, left the unencrypted information, some 24 million documents, available for anyone who knew where to look. 

Ascension offers financial institutions the service of converting documents into files that can be read by computers, known as OCR.

The server, which was running an Elasticsearch database, contained more than a decade’s worth of data, from loan and mortgage agreements to repayment schedules and other financial and tax documents, which offer an intimate insight into a person's life. The information wasn't protected by a password.

The database was only exposed for two weeks - but that was long enough for independent security researcher Bob Diachenko to find it. If he was able to locate it, who knows how many professional cyber criminals were also able to find it. 

Almost all of the documents pertained to loans and mortgages offered by some of the largest lenders in America dating as far back as 2008 (including some that are now defunct). 

Some of the sensitive information exposed by the unforced error included social security numbers and W-2 forms, which are used by scammers to claim refunds. Citi, one of the lenders identified in the documents, said it has no continuing relationship with the third party responsible for the leak.

ZeroHedge

You Might Also Read:

Australia's Largest Bank Lost The Personal Financial Histories Of 12m Customers:

 

« The Future Of War is Cyber
Connecting African IT & Software Developers With Top Tech Companies »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

S21sec

S21sec

S21Sec, Cyber Solutions by Thales, is a leading European cybersecurity pure player, with security experts in Spain and Portugal and an Iberian SOC.

Telspace Africa

Telspace Africa

Telspace Africa provide the highest level of IT security solutions including advisory, penetration testing, vulnerability assessments, red teaming, social engineering and training.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Transmit Security

Transmit Security

The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

FortifyIQ

FortifyIQ

FortifyIQ's mission is to advance maximum security against side-channel attacks across the entire computing spectrum.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Gotham Security

Gotham Security

Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services.

Labaton Sucharow

Labaton Sucharow

Standing on the horizon of law and technology, our Cybersecurity and Data Privacy Practice helps to protect consumers who have been harmed by businesses’ failures to safeguard their customers' data.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.

Aspiron Search

Aspiron Search

Aspiron Search is a niche-focused Cybersecurity search firm that works exclusively with venture-backed Cybersecurity firms.

Clear Ridge Defense

Clear Ridge Defense

Clear Ridge was founded in April 2015 with the mission and vision to support Joint, Service Cyber Components, and commercial clients in specialized cyber support.