Tech News, Magazine & Review WordPress Theme 2017
  • FEATURES
    • News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Altcoins
    • Trading
    • Blockchain
    • Futuremash
    • Regulators
    • Scams
    • Crypto 101
  • HODLX
    • Latest Stories
    • FAQ
    • Submit Your Guest Blog
  • CRYPTO LIVEWIRE
    • Latest
    • Press Releases
    • Sponsored Posts
    • Submit Your Content
  • BEGINNERS
    • What Is Bitcoin?
    • What Is Blockchain?
    • What Does Hodl Mean?
    • How to Pay Your Bills with Bitcoin
    • Best Bitcoin FAQs
    • Example of Bitcoin’s Purpose
    • Cryptocurrency Has Multiple Meanings
    • Authenticator Alert – Securing Your Crypto
  • SUBMIT
    • Guest Blog
    • Press release
    • Sponsored post
  • EXPLORE
    • eToro
No Result
View All Result
  • FEATURES
    • News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Altcoins
    • Trading
    • Blockchain
    • Futuremash
    • Regulators
    • Scams
    • Crypto 101
  • HODLX
    • Latest Stories
    • FAQ
    • Submit Your Guest Blog
  • CRYPTO LIVEWIRE
    • Latest
    • Press Releases
    • Sponsored Posts
    • Submit Your Content
  • BEGINNERS
    • What Is Bitcoin?
    • What Is Blockchain?
    • What Does Hodl Mean?
    • How to Pay Your Bills with Bitcoin
    • Best Bitcoin FAQs
    • Example of Bitcoin’s Purpose
    • Cryptocurrency Has Multiple Meanings
    • Authenticator Alert – Securing Your Crypto
  • SUBMIT
    • Guest Blog
    • Press release
    • Sponsored post
  • EXPLORE
    • eToro
No Result
View All Result
The Daily Hodl
No Result
View All Result

Millions of Sensitive Financial Docs Exposed in Giant Database Leak, Highlighting Push for Blockchain Solutions

by Daily Hodl Staff
January 24, 2019
in Blockchain
‏‏‎ ‏‏‎ ‏‏‎ ‏‏‎
‎‎‎ ‏‏‎

A massive database containing over 24 million banking and financial documents from some of the largest US banks was recently leaked online, available without a password for possibly two weeks. The database contained over 10 years of loan and mortgage agreements, tax documents, social security numbers, bank account numbers, names, addresses and more.

The server security lapse was first reported by Zack Whittaker at TechCrunch. According to independent researcher Bob Diachenko,

“These documents contained highly sensitive data. This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

Diachenko found the data in an unprotected Elasticsearch cluster. With help from TechCrunch, the leak was traced back to data and analytics company Ascension, based in Ft. Worth, Texas. One of Ascension’s services include converting paper documents and handwritten notes into computer files, also known as OCR. The OCR files were compromised during the leak.

[NEW REPORT] Teaming up with mighty @zackwhittaker on that one – that was really big one, indeed https://t.co/VTzK3zkOAg

— Bob Diachenko (@MayhemDayOne) January 23, 2019

Sandy Campbell, general counsel at Rocktop Partners, the parent company of Ascension, says,

“On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents. The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation.”

The vendor was found to be New York-based company OpticsML, whose phone number and website have recently gone offline.

Fintech and data storage companies are working to develop decentralized database solutions to avoid similar leaks. By distributing sensitive data, blockchain-based platforms are cryptographically secured and are designed to eliminate single points of failure, password lapses and internet exposure. Blockchain systems are also designed to regulate and control who has access to data, and to make such access transparent without having to rely on a report from one party or an intermediary.

TechCrunch reports that CitiFinancial, a now-defunct branch of Citigroup, was one of several large financial institutions affected by the leak which also compromised personal data and sensitive files from HSBC, Wells Fargo, CapitalOne as well as the US Department of Housing and Urban Development.

A Citi spokesperson says,

“Citi recently became aware that a third party, with no connection to Citi, was storing certain mortgage origination and modification documents in an unsecure online environment. These documents contained information about current or former Citi customers, as well as customers from other financial institutions. Citi notified law enforcement, initiated a thorough forensic investigation and worked quickly to ensure the information could no longer be publicly accessed.”

Speaking to SC Media, Colin Bastable, CEO of Lucy Security, says big financial institutions offload work to companies like Ascension without securing the data that’s involved.

“When US lenders offload our mortgages and loans to third parties, they offload the data too, and wash their hands of all responsibility. In its drive for profitability, the US financial industry has outsourced many services to third party service providers, and at the heart of this fragmented industry is consumer data.” 

Elasticsearch, which is a database for storing, retrieving and managing documents. While companies typically install Elasticsearch to improve their web application data indexing and search capabilities, they can also inadvertently expose their internal servers, loaded with troves of documents containing personal information, to the internet.

The recent breach is one of four discovered this month on Elasticsearch. Researchers also discovered the following leaks.

  • Millions of calls and text messages from Voipo
  • Four million intern applications from the youth group AIESEC
  • 108 million gambling records from online casinos

Last November Diachenko also discovered another Elasticsearch leak.

In a blog post, Diachenko wrote,

“On Nov 29th I have identified an unprotected Elasticsearch cluster, available for public access, via Shodan engine. It took me some time before I analyzed the data and noted that almost all payment information (credit cards details) was related to Bancolombia, so I decided it would be the quickest possible solution to prevent this data from being stolen and report the incident directly to bank authorities.

Shortly after I contacted Bancolombia, instance has been secured (Nov. 30) and on the next day I was contacted by a representative of a company that managed the data, Waumovil, who thanked me for the heads up and said that ‘unfortunately we had some open ports that I was not aware.’”

You can check out Diachenko’s full blog post on the Bancolombia data leak here.

Follow us on Facebook            Join us on Telegram            Follow us on Twitter


Check Latest News Headlines


ADVERTISEMENT


Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Submit a Press Release

Crypto Livewire – Press Releases

  • Unifi Farms Beta Launches on Unifi Protocol to Pioneer No-Stake Farming
    February 26, 2021
  • Bang Bang: Critical Factors Fueling Rise of the Retail Investor
    February 25, 2021
  • How Traders Make Money in Both Bull and Bear Markets on BigoMex
    February 25, 2021
  • Student Coin Found New Ways to Use Crypto
    February 24, 2021
  • Everest Receives Crypto Custodian Approval
    February 23, 2021
Submit a Guest Post
ADVERTISEMENT
Bitcoin
$47,882.00
$47,882.00
7.22%
Ethereum
$1,527.22
$1,527.22
12.39%
Binance Coin
$251.00
$251.00
19.75%
Polkadot
$34.94
$34.94
11.77%
Cardano
$1.26
$1.26
1.38%
XRP
$0.431535
$0.431535
4.11%
ADVERTISEMENT

Spotlight

  • Elon Musk’s Harsh Take on Hosted Crypto Wallets – Here’s the Flip Side of the Coin
    February 24, 2021
  • Whale Alert: $4,500,000,000 in Bitcoin Moved in Historic Transfer – Here’s Who’s Behind the Curtain
    March 1, 2021
  • As Bitcoin and Ethereum Tumble, Analyst Who Predicted Crypto Correction Plots Path Ahead
    February 22, 2021
  • Crypto Exchange Sells Thousands of Bitcoin for $6,000 Each Amid Surge in Market Volatility: Report
    February 26, 2021

DON’T MISS A BEAT

Crypto headlines delivered daily
to your inbox
BTC, ETH, XRP news alert options

By joining The Daily Hodl news list you agree to our
Terms and Conditions and Privacy Policy.

Check your inbox for confirmation email.

Cryptocurrency news and analysis, covering Bitcoin, Ethereum, Ripple, XRP, altcoins and blockchain technology

Categories

Bitcoin • Ethereum • Trading •
Ripple and XRP • Altcoins •
Blockchain • Regulators •
Scams • Crypto101 • HodlX • Explore • Futuremash •
Crypto Livewire

ABOUT US | EDITORIAL POLICY | PRIVACY POLICY
TERMS AND CONDITIONS | CONTACT

JOIN US ON TELEGRAM

JOIN US ON TWITTER

JOIN US ON FACEBOOK

COPYRIGHT © 2017-2021 THE DAILY HODL

No Result
View All Result
  • FEATURES
    • News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Altcoins
    • Trading
    • Blockchain
    • Futuremash
    • Regulators
    • Scams
    • Crypto 101
  • HODLX
    • Latest Stories
    • FAQ
    • Submit Your Guest Blog
  • CRYPTO LIVEWIRE
    • Latest
    • Press Releases
    • Sponsored Posts
    • Submit Your Content
  • BEGINNERS
    • What Is Bitcoin?
    • What Is Blockchain?
    • What Does Hodl Mean?
    • How to Pay Your Bills with Bitcoin
    • Best Bitcoin FAQs
    • Example of Bitcoin’s Purpose
    • Cryptocurrency Has Multiple Meanings
    • Authenticator Alert – Securing Your Crypto
  • SUBMIT
    • Guest Blog
    • Press release
    • Sponsored post
  • EXPLORE
    • eToro

© 2020 The Daily Hodl

×
We use cookies to give you the best online experience possible. Continue browsing if you are happy with that, or see how to manage cookies.