Due to poor security practices, millions of people’s data have been exposed once again, leaking confidential information. In this recent breach, 24 million bank loan and mortgage documents were exposed.
A Server Security Lapse
Data breaches put people at risk of identity fraud and scams, but this one could put mortgages, loans, and home titles at risk.
Due to a misconfigured server, 24 million financial and banking documents have been left exposed online as far back as 2008, if not longer. According to a report from Techcrunch, the database was sitting on an unprotected server running an Elasticsearch database. Similar to other data breaches of this type, the database was not protected by any password, allowing anyone to view and access the treasure trove of information.
The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.
Data Breach Exposure
The breach was traced back to Ascension, a data and analytics firm based in
Some of the loans were shared with a contractor,
Security researcher, Bob Diachenko, discovered the exposed data on January 10th, 2019 through a public search engine, Shodan. Diachenko believed the database was exposed for two weeks and it was shut down on January 15th.
The Ascension leaked documents include loan and mortgage records from the major banking institutions such as CitiFinancial, HSBC Life Insurance, Wells Fargo, CapitalOne, and U.S. federal agencies including the Department of Housing and Urban Development.
Aside from these sensitive documents, the leak also exposed personal information including:
- Birth dates
- Social Security numbers
- Bank account numbers
- Checking account numbers
- Loan agreements
- Bankruptcy filings
- Tax documents (including W-2 tax forms)
The number of impacted individuals is still unclear. As investigations are continuing, it is unknown if cyber-criminals accessed the database.
“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko stated. “This information would be a gold mine for cyber-criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”
Secure Your Digital Life
The leaked data from this breach can lead to malicious activity if this information was accessed by a cyber-attacker. Protect yourself against these attacks with these recommendations.
- Beware of phishing scams – Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems.
- Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
- Check your online accounts –Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Get a credit freeze – If you think that your identity has already compromised, put a credit freeze on your accounts as soon as you can.
Original Article Found Here.