[ad_1]
A huge database containing more than 24 million banking and financial records of some of the largest US banks has recently been leaked online, available without a pbadword for perhaps two weeks. The database contained more than 10 years of loan and mortgage agreements, tax documents, social security numbers, bank account numbers, names, addresses and more.
The server security failure was reported for the first time by Zack Whittaker at TechCrunch. According to independent researcher Bob Diachenko,
"These documents contained extremely sensitive data. This information would be a gold mine for cybercriminals who have everything they need to steal their identities, file false tax returns, get a loan or a credit card. "
Diachenko found the data in an unprotected Elasticsearch cluster. With the help of TechCrunch, the leak was traced back to Fort Ascension's data and badysis company, Ascension. Worth Texas. One of Ascension's services includes the conversion of paper documents and handwritten notes into computer files, also known as OCR. The OCR files were compromised during the leak.
[NEW REPORT] Team up with powerful @zackwhittaker on that one – it was really a big, indeed https://t.co/VTzK3zkOAg
– Bob Diachenko (@ MayhemDayOne) January 23, 2019
Sandy Campbell, General Counsel for Rocktop Partners, Ascension's parent company, said:
"On January 15, this provider learned that a misconfiguration of the server could have exposed some mortgage related documents. The provider immediately stopped the server in question and we are working with third party forensic experts to investigate the situation. "
The provider has been identified as the New York-based company OpticsML, whose phone number and website have recently been disconnected.
Fintech and data storage companies are working on the development of decentralized database solutions to prevent similar leaks. By distributing sensitive data, blockchain-based platforms are cryptographically secure and designed to eliminate single points of failure, pbadword failures, and Internet visibility. Blockchain systems are also designed to regulate and control who has access to the data, and to make that access transparent, without having to rely on a report from a party or an intermediary.
TechCrunch reports that CitiFinancial, a now-defunct branch of Citigroup, was one of many large financial institutions hit by the leak, which also compromised personal data and sensitive files from HSBC, Wells Fargo, CapitalOne as well as the US Department of Housing and Urban Development. .
A spokesman for Citi said:
"Citi recently learned that a third party, unrelated to Citi, was storing certain mortgage creation and modification documents in an unsecured online environment. These documents contained information about Citi's current or former clients, as well as about clients of other financial institutions. Citi notified the forces of order, opened a thorough forensic investigation and worked quickly to ensure that the information was no longer accessible to the public. "
Colin Bastable, CEO of Lucy Security, told SC Media that large financial institutions delegate work to companies like Ascension without securing the data.
"When US lenders transfer our mortgages and loans to third parties, they also transfer the data and wash their hands of any responsibility. In its pursuit of profitability, the US financial sector outsourced many services to third-party service providers. Consumer data is at the heart of this fragmented sector. "
Elasticsearch, which is a database for storing, retrieving and managing documents. While organizations typically install Elasticsearch to enhance their web application data indexing and retrieval capabilities, they can also inadvertently expose their internal servers, loaded with documents containing personal information, to the Internet.
The recent breach is one of four cases discovered this month on Elasticsearch. The researchers also discovered the following leaks.
Last November, Diachenko also discovered another leak of Elasticsearch.
Diachenko wrote in a blog:
"On November 29, I identified an unprotected Elasticsearch cluster, publicly accessible, via the Shodan engine. I took some time before badyzing the data and finding that almost all the payment information (credit card details) was related to Bancolombia. I have therefore decided that this would be the fastest possible solution to prevent the theft of such data and report the incident directly to banking authorities.
Shortly after contacting Bancolombia, the case was secured (November 30) and the next day, a representative of a data management company, Waumovil, contacted me and contacted me. Thanked for the warned.unfortunately, we had open ports that I did not know. ""
You can read Diachenko's full blog on Bancolombia's data leak here.
Join us on Telegram
Discover the latest titles
Disclaimer: The opinions expressed in Daily Hodl are not investment advice. Investors should exercise due diligence before making high-risk investments in Bitcoin, Cryptocurrency or digital badets. Please note that your transfers and transactions are at your own risk and that any loss you may incur is your responsibility. The Daily Hodl does not recommend buying or selling crypto-currencies or digital badets, and the Daily Hodl is not an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
[ad_2]
Source link
