Millions Of Secret Bank Records Leak Online

Uploaded on 2019-01-29 in FREE TO VIEW, BUSINESS-Services-Financial, NEWS-Cybersecurity News

This is the latest reminder of just how vulnerable Americans' sensitive financial data can be.  A server security lapse at Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas, left the unencrypted information, some 24 million documents, available for anyone who knew where to look. 

Ascension offers financial institutions the service of converting documents into files that can be read by computers, known as OCR.

The server, which was running an Elasticsearch database, contained more than a decade’s worth of data, from loan and mortgage agreements to repayment schedules and other financial and tax documents, which offer an intimate insight into a person's life. The information wasn't protected by a password.

The database was only exposed for two weeks - but that was long enough for independent security researcher Bob Diachenko to find it. If he was able to locate it, who knows how many professional cyber criminals were also able to find it. 

Almost all of the documents pertained to loans and mortgages offered by some of the largest lenders in America dating as far back as 2008 (including some that are now defunct). 

Some of the sensitive information exposed by the unforced error included social security numbers and W-2 forms, which are used by scammers to claim refunds. Citi, one of the lenders identified in the documents, said it has no continuing relationship with the third party responsible for the leak.

ZeroHedge

You Might Also Read:

Australia's Largest Bank Lost The Personal Financial Histories Of 12m Customers:

 

« The Future Of War is Cyber
Connecting African IT & Software Developers With Top Tech Companies »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Aurec

Aurec

Aurec provides specialist recruitment and contracting services including ICT professionals.

RioRey

RioRey

The DDoS mitigation specialist, from single server to Enterprise wide carrier level networks the RioRey Solution provides effective immediate and easy to manage protection.

WatchGuard

WatchGuard

WatchGuard is a leader in network security, secure Wi-Fi, and network intelligence products and services for SMBs and Enterprises worldwide.

Mobile Mentor

Mobile Mentor

Mobile Mentor is an independent provider of enterprise mobility solutions in New Zealand and Australia.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

Arqit Quantum

Arqit Quantum

Arqit's mission is to use transformational quantum encryption technology to keep safe the data of our governments, enterprises and citizens.

Datastream Cyber Insurance

Datastream Cyber Insurance

DataStream Cyber Insurance is designed to give SMB’s across the US greater confidence in the face of increasing cyber attacks against the small and medium business community.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.

Lenze

Lenze

Lenze are an experienced partner for automation systems, digitalization and cyber security.

TeamSystem

TeamSystem

TeamSystem is a leading tech company in the market for digital business management solutions for companies and professionals.