ascension bank loan data breach citi wells fargo hsbc elasticsearch cybersecurity

24 Million Bank Loan & Mortgage Documents Exposed

Due to poor security practices, millions of people’s data have been exposed once again, leaking confidential information. In this recent breach, 24 million bank loan and mortgage documents were exposed.

A Server Security Lapse

Data breaches put people at risk of identity fraud and scams, but this one could put mortgages, loans, and home titles at risk.

ascension bank loan data breach citi wells fargo hsbc

Due to a misconfigured server, 24 million financial and banking documents have been left exposed online as far back as 2008, if not longer. According to a report from Techcrunch, the database was sitting on an unprotected server running an Elasticsearch database. Similar to other data breaches of this type, the database was not protected by any password, allowing anyone to view and access the treasure trove of information.

ascension bank loan data breach citi wells fargo hsbc elasticsearch cybersecurity

The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.

Data Breach Exposure

ascension bank loan data breach citi wells fargo hsbc

The breach was traced back to Ascension, a data and analytics firm based in Forth Worth, Texas. The company provides data analysis and portfolio valuations. Among its services, the Ascension converts paper documents and handwritten notes into computer-readable files — known as OCR.

ascension bank loan data breach citi wells fargo hsbc capitalone cybersecurity opticsML

Some of the loans were shared with a contractor, OpticsML, for analysis. This New York-based company couldn’t immediately confirm how many loan documents were exposed. Efforts to reach OpticsML were unsuccessful as their website is offline and their phone number has been disconnected.

Security researcher, Bob Diachenko, discovered the exposed data on January 10th, 2019 through a public search engine, Shodan. Diachenko believed the database was exposed for two weeks and it was shut down on January 15th.

Leaked Information

ascension bank loan data breach citi wells fargo hsbc capitalone cybersecurity

The Ascension leaked documents include loan and mortgage records from the major banking institutions such as CitiFinancial, HSBC Life Insurance, Wells Fargo, CapitalOne, and U.S. federal agencies including the Department of Housing and Urban Development.

Aside from these sensitive documents, the leak also exposed personal information including:

  • Names
  • Addresses
  • Birth dates
  • Social Security numbers
  • Bank account numbers
  • Checking account numbers
  • Loan agreements
  • Bankruptcy filings
  • Tax documents (including W-2 tax forms)

The number of impacted individuals is still unclear. As investigations are continuing, it is unknown if cyber-criminals accessed the database.

ascension bank loan data breach citi wells fargo hsbc cybersecurity identity protection

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko stated. “This information would be a gold mine for cyber-criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

Secure Your Digital Life

cybersecurity ascension bank loan data breach citi wells fargo hsbc identity protection

The leaked data from this breach can lead to malicious activity if this information was accessed by a cyber-attacker. Protect yourself against these attacks with these recommendations.

  • Beware of phishing scams – Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems.
  • Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
  • Check your online accounts Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
  • Get a credit freeze – If you think that your identity has already compromised, put a credit freeze on your accounts as soon as you can.

Original Article Found Here.

3Shares