New data breach affects 24 million+ big bank loan customers

Written by |

Have you taken out a mortgage or a loan or purchased life insurance with a big bank in the last 10 years? If so, there’s a chance your sensitive financial and banking documents may have been leaked as part of a new data breach.

RELATED: Nearly 800 million email addresses, passwords exposed

TechCrunch: 24 million financial and banking documents were exposed

TechCrunch is out with an exclusive new report stating that 24 million+ financial and banking documents were leaked from a server that didn’t even have password protection on it.

The breach, which lasted for two weeks, exposed data on tens of thousands of mortgages and loans going back 10 years. The database vulnerability has since been sealed.

But this breach hit customers who may have done business with a variety of life insurance operations, bank lenders and even government entities.

What companies are involved in this breach?

Included in the breach are HSBC’s life insurance operation, lenders like Capital One, Citigroup and Wells Fargo and the U.S. Department of Housing and Urban Development.

What kinds of data were exposed?

  • Names
  • Addresses
  • Birth dates
  • Social Security numbers
  • Bank and checking account numbers
  • Details of loan agreements
  • Bankruptcy info (if applicable to borrower)
  • W-2 tax forms

W-2 tax forms can be particularly dangerous in a criminal’s hands. Scammers can easily use W-2 tax forms to commit tax fraud by filing for a tax refund in someone else’s name.

How did this data get in the wrong hands?

A financial industry data and analytics company called Ascension left an Elasticsearch database unprotected — without a password — hence the breach.

So how did Ascension actually get all this data in the first place? The likeliest scenario here is that the banks, for example, who underwrote the mortgages later turned around and sold them out of portfolio.

That’s when Ascension — which converts paper documents and handwritten notes into computer-readable files, among providing other services — would have handled these documents.


In some cases, the lenders in question hadn’t done business with Ascension or any of its vendors since 2010, but data never dies.

What should you do if you think you might be affected?

If you think your info may have been breached, now is the time to take steps to protect yourself.

A full-blown credit freeze is the best way to stop potential identity thieves down before they wreak havoc in your life.

A credit freeze effectively shuts down a criminal’s ability to open new credit in your name even if they get your personal info in a breach.

Furthermore, if identity theft is a concern, be proactive and sign up for Credit Karma’s credit monitoring service, and a similar service from Credit Sesame. They’re both free!

More stories you may like:

Welcome bonuses can be a great way to boost the value of a credit card. Best Credit Card Sign-up Bonuses for 2023 - If you're in the market for a new credit card in 2023, you may be hoping to cash in on the hundreds of dollars in sign-up bonuses offered to new customers. Welcome bonuses and offers are a marketing tool that…
The best cell phone plans include Tello, Mint Mobile, Visible, T-Mobile, Consumer Cellular and more Best Cell Phone Plans in 2023: The Cheapest Plan for Every Need - Team Clark ranks the best cell phone plans and deals! See our favorites for unlimited data, families and cheap plans starting at $10/month.