New data breach affects 24 million+ big bank loan customers

|
data protection on a tablet computer
Image Credit: Dreamstime

Have you taken out a mortgage or a loan or purchased life insurance with a big bank in the last 10 years? If so, there’s a chance your sensitive financial and banking documents may have been leaked as part of a new data breach.

RELATED: Nearly 800 million email addresses, passwords exposed

TechCrunch: 24 million financial and banking documents were exposed

TechCrunch is out with an exclusive new report stating that 24 million+ financial and banking documents were leaked from a server that didn’t even have password protection on it.

The breach, which lasted for two weeks, exposed data on tens of thousands of mortgages and loans going back 10 years. The database vulnerability has since been sealed.

But this breach hit customers who may have done business with a variety of life insurance operations, bank lenders and even government entities.

What companies are involved in this breach?

Included in the breach are HSBC’s life insurance operation, lenders like Capital One, Citigroup and Wells Fargo and the U.S. Department of Housing and Urban Development.

What kinds of data were exposed?

  • Names
  • Addresses
  • Birth dates
  • Social Security numbers
  • Bank and checking account numbers
  • Details of loan agreements
  • Bankruptcy info (if applicable to borrower)
  • W-2 tax forms

W-2 tax forms can be particularly dangerous in a criminal’s hands. Scammers can easily use W-2 tax forms to commit tax fraud by filing for a tax refund in someone else’s name.

How did this data get in the wrong hands?

A financial industry data and analytics company called Ascension left an Elasticsearch database unprotected — without a password — hence the breach.

So how did Ascension actually get all this data in the first place? The likeliest scenario here is that the banks, for example, who underwrote the mortgages later turned around and sold them out of portfolio.

That’s when Ascension — which converts paper documents and handwritten notes into computer-readable files, among providing other services — would have handled these documents.

Advertisement

In some cases, the lenders in question hadn’t done business with Ascension or any of its vendors since 2010, but data never dies.

What should you do if you think you might be affected?

If you think your info may have been breached, now is the time to take steps to protect yourself.

A full-blown credit freeze is the best way to stop potential identity thieves down before they wreak havoc in your life.

A credit freeze effectively shuts down a criminal’s ability to open new credit in your name even if they get your personal info in a breach.

Furthermore, if identity theft is a concern, be proactive and sign up for Credit Karma’s credit monitoring service, and a similar service from Credit Sesame. They’re both free!

More Clark.com stories you may like:

Advertisement
  • Show Comments Hide Comments