TechCrunch says customers’ financial data may have been included
It’s being reported that sensitive financial data of millions of mortgage customers may have been leaked online.
According to TechCrunch.com, millions of documents relating to mortgages and other loans from major US banks were accidentally visible online due to a security breach.
The documents included mortgage agreements, repayment schedules, and tax documents.
The data was discovered by independent security expert Bob Diachenko, who says that the breach included documents from CitiFinancial, a now-defunct arm of Citigroup.
OK, so I have a 50GB database of mortgage reports with PII (SSN, addresses, phones etc) exposed, presumably of now-defunct @Citi-Financial, but nobody cared to respond for more than 48h now. — Bob Diachenko (@MayhemDayOne) January 14, 2019
TechCrunch says that documents were also found from organizations including Wells Fargo and the HUD. It appears that at least some of the loans may have been owned by third parties at the time of the breach.
TechCrunch says that the data was available online for 2 weeks and that the breach was traced back to a financial services analytics firm.
The documents were apparently leaked due to a server error rather than a hack. Tim Erlin, VP, product management and strategy at cybersecurity firm Tripwire, told MPA that organizations need to be prepared for these situations.
“While sophisticated attacks may grab headlines, these types of misconfigurations can definitely be as impactful to the bottom line, if not more,” he said. “This wasn’t a sophisticated attack by a well-funded nation-state adversary. It was a misconfiguration, a mistake. Organizations need to be able to detect and remediate misconfigurations, period.”