Millions Of Secret Bank Records Leak Online
This is the latest reminder of just how vulnerable Americans' sensitive financial data can be. A server security lapse at Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas, left the unencrypted information, some 24 million documents, available for anyone who knew where to look.
Ascension offers financial institutions the service of converting documents into files that can be read by computers, known as OCR.
The server, which was running an Elasticsearch database, contained more than a decade’s worth of data, from loan and mortgage agreements to repayment schedules and other financial and tax documents, which offer an intimate insight into a person's life. The information wasn't protected by a password.
The database was only exposed for two weeks - but that was long enough for independent security researcher Bob Diachenko to find it. If he was able to locate it, who knows how many professional cyber criminals were also able to find it.
Almost all of the documents pertained to loans and mortgages offered by some of the largest lenders in America dating as far back as 2008 (including some that are now defunct).
Some of the sensitive information exposed by the unforced error included social security numbers and W-2 forms, which are used by scammers to claim refunds. Citi, one of the lenders identified in the documents, said it has no continuing relationship with the third party responsible for the leak.
You Might Also Read:
Australia's Largest Bank Lost The Personal Financial Histories Of 12m Customers: