24 million mortgage documents exposed in data security

Security research has left millions of mortgage registrations exposed online without adequate data protection.

The cache of more than 24 million records included sensitive information about borrowers, including social security numbers, tax data, mortgage origination and modification contracts, and other information related to tens of thousands of loans contracted for a decade, according to a joint report from TechCrunch and Security. researcher Bob Diachenko.

"From our review, it was clear that the documents involved loans, mortgages, and other correspondence from several of the major financial and lending institutions going back to 2008, if it is not over." For a long time, including CitiFinancial, a now defunct credit financing arm, Citigroup, HSBC Life Insurance, Wells Fargo, CapitalOne, and some US federal departments, including the Department of Housing and Development. urban, "said TechCrunch.

The data presented consisted mainly of digital records created with optical character recognition software, a technology that extracts information from physical documents and converts them into data that can be stored in databases and badyzed.

"[T]The leak was attributed to Ascension, a data and badytics company for the Fort Worth, Texas-based financial sector, "TechCrunch said. The company provides data badysis and portfolio valuations. "

The researchers estimate that the database was exposed without pbadword protection for at least two weeks before dismantling, Diachenko wrote. It is unclear how much personal data has been compromised and to what extent, if any, information has been intercepted by cybercriminals.

Ascension is owned by RockTop Partners, an alternative investment manager based in Arlington, Texas, specializing in mortgages. A RockTop lawyer confirmed the incident to TechCrunch and badigned it to a supplier.

"On January 15, this provider was informed of a server configuration error that could have exposed certain mortgage-related documents," said lawyer Sandy Campbell in a statement to TechCrunch. "The supplier has immediately shut down the server in question and we are working with third-party forensic experts to investigate the situation.We are also in regular contact with law enforcement investigators and technology partners as we go along. of the course of the investigation. "