Home / Daily Dose / Data Breach Puts Homeowners at Risk
Print This Post Print This Post

Data Breach Puts Homeowners at Risk

On January 15, OpticsML, a New York-based vendor immediately shut down their server after learning that a configuration error leaked millions of bank loan and mortgage documents, including highly sensitive financial data on customers who took loans from U.S. banks, according to a report in TechCrunch.

Sandy Campbell, General Counsel at Ascension’s parent company, Rocktop Partners, confirmed the incident to TechCrunch. TechCrunch’s report stated that running an Elasticsearch database, the server had more than a decade’s worth of data, including loan and mortgage agreements, repayment schedules and financial and tax documents. The statement mentioned that a portion of the loans have been submitted for analysis, but at the moment, the exact number of loans exposed cannot be confirmed.

“The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds,” Campbell said. 

“While sophisticated attacks may grab headlines, these types of misconfigurations can definitely be as impactful to the bottom line, if not more," said Tim Erlin, VP, Product Management and Strategy, at cybersecurity firm Tripwire. He was reacting to the massive data breach wherein thousands of borrowers may have had their mortgage and loan information leaked in a recent server security lapse. 

"This wasn’t a sophisticated attack by a well-funded nation-state adversary. It was a misconfiguration, a mistake. Organizations need to be able to detect and remediate misconfigurations, period. This is highly sensitive data that was exposed to anyone willing to look for it," he added.

According to Techcrunch, the server was not password protected and remained vulnerable for around two weeks before shutting down on January 15. The leak was traced back to Fort Worth-based Ascension, a data and analytics company for the financial industry. The company’s bank of converted paper-to-digital documents was what was exposed, according to Independent Security Researcher Bob Diachenko, who found the data initially. The documents affected include loans and mortgages and other correspondence from several of the major financial and lending institutions dating as far back as 2008, including Citigroup, HSBC Life Insurance, Wells Fargo, CapitalOne and some U.S. federal departments, including the Department of Housing and Urban Development.

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report. This information would be a gold mine for cybercriminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards,” Diachenko told TechCrunch.

About Author: Seth Welborn

Seth Welborn is a contributing writer for DS News. He is a Harding University graduate with a degree in English and a minor in writing, and has studied abroad in Athens, Greece. An East Texas native, he also works part-time as a photographer.
x

Check Also

NFIP Has Paid over $1B in Florida since Irma

Despite the high payouts from the National Flood Insurance Program, officials are still urging Florida homeowners, renters and business owners to contact their insurance agent and insure their properties from flooding.

GET YOUR DAILY DOSE OF DS NEWS

Featuring daily updates on foreclosure, REO, and the secondary market, DS News has the timely and relevant content you need to stay at the top of your game. Get each day’s most important default servicing news and market information delivered directly to your inbox, complimentary, when you subscribe.